Merge branch 'vendor/OPENSSL'
authorSascha Wildner <saw@online.de>
Thu, 19 Mar 2015 20:06:51 +0000 (21:06 +0100)
committerSascha Wildner <saw@online.de>
Thu, 19 Mar 2015 20:06:51 +0000 (21:06 +0100)
1  2 
crypto/openssl/crypto/des/des_old.h
crypto/openssl/crypto/engine/eng_all.c
crypto/openssl/crypto/engine/eng_cryptodev.c
crypto/openssl/crypto/engine/engine.h
crypto/openssl/crypto/evp/c_all.c
crypto/openssl/crypto/uid.c
crypto/openssl/ssl/srtp.h

@@@ -1,6 -1,7 +1,7 @@@
  /* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
  
- /* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ /*-
+  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
   *
   * The function names in here are deprecated and are only present to
   * provide an interface compatible with openssl 0.9.6 and older as
@@@ -31,8 -32,9 +32,9 @@@
   * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
   */
  
- /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
-  * project 2001.
+ /*
+  * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+  * 2001.
   */
  /* ====================================================================
   * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
@@@ -42,7 -44,7 +44,7 @@@
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
-  *    notice, this list of conditions and the following disclaimer. 
+  *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   */
  
  #ifndef HEADER_DES_H
- #define HEADER_DES_H
+ # define HEADER_DES_H
  
- #include <openssl/e_os2.h>    /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
+ # include <openssl/e_os2.h>     /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
  
- #ifdef OPENSSL_NO_DES
- #error DES is disabled.
- #endif
+ # ifdef OPENSSL_NO_DES
+ #  error DES is disabled.
+ # endif
  
- #ifndef HEADER_NEW_DES_H
- #error You must include des.h, not des_old.h directly.
- #endif
+ # ifndef HEADER_NEW_DES_H
+ #  error You must include des.h, not des_old.h directly.
+ # endif
  
- #ifdef _KERBEROS_DES_H
- #error <openssl/des_old.h> replaces <kerberos/des.h>.
- #endif
+ # ifdef _KERBEROS_DES_H
+ #  error <openssl/des_old.h> replaces <kerberos/des.h>.
+ # endif
  
- #include <openssl/symhacks.h>
+ # include <openssl/symhacks.h>
  
- #ifdef OPENSSL_BUILD_SHLIBCRYPTO
- # undef OPENSSL_EXTERN
- # define OPENSSL_EXTERN OPENSSL_EXPORT
- #endif
+ # ifdef OPENSSL_BUILD_SHLIBCRYPTO
+ #  undef OPENSSL_EXTERN
+ #  define OPENSSL_EXTERN OPENSSL_EXPORT
+ # endif
  
  #ifdef  __cplusplus
  extern "C" {
  #endif
  
- #ifdef _
- #undef _
- #endif
+ # ifdef _
+ #  undef _
+ # endif
  
  typedef unsigned char _ossl_old_des_cblock[8];
- typedef struct _ossl_old_des_ks_struct
-       {
-       union   {
-               _ossl_old_des_cblock _;
-               /* make sure things are correct size on machines with
-                * 8 byte longs */
-               DES_LONG pad[2];
-               } ks;
-       } _ossl_old_des_key_schedule[16];
- #ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
- #define des_cblock DES_cblock
- #define const_des_cblock const_DES_cblock
- #define des_key_schedule DES_key_schedule
- #define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-       DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
- #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-       DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
- #define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
-       DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
- #define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-       DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
- #define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-       DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
- #define des_options()\
-       DES_options()
- #define des_cbc_cksum(i,o,l,k,iv)\
-       DES_cbc_cksum((i),(o),(l),&(k),(iv))
- #define des_cbc_encrypt(i,o,l,k,iv,e)\
-       DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
- #define des_ncbc_encrypt(i,o,l,k,iv,e)\
-       DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
- #define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-       DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
- #define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-       DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
- #define des_ecb_encrypt(i,o,k,e)\
-       DES_ecb_encrypt((i),(o),&(k),(e))
- #define des_encrypt1(d,k,e)\
-       DES_encrypt1((d),&(k),(e))
- #define des_encrypt2(d,k,e)\
-       DES_encrypt2((d),&(k),(e))
- #define des_encrypt3(d,k1,k2,k3)\
-       DES_encrypt3((d),&(k1),&(k2),&(k3))
- #define des_decrypt3(d,k1,k2,k3)\
-       DES_decrypt3((d),&(k1),&(k2),&(k3))
- #define des_xwhite_in2out(k,i,o)\
-       DES_xwhite_in2out((k),(i),(o))
- #define des_enc_read(f,b,l,k,iv)\
-       DES_enc_read((f),(b),(l),&(k),(iv))
- #define des_enc_write(f,b,l,k,iv)\
-       DES_enc_write((f),(b),(l),&(k),(iv))
- #define des_fcrypt(b,s,r)\
-       DES_fcrypt((b),(s),(r))
- #if 0
- #define des_crypt(b,s)\
-       DES_crypt((b),(s))
- #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) && !defined(__DragonFly__)
- #define crypt(b,s)\
-       DES_crypt((b),(s))
- #endif
- #endif
- #define des_ofb_encrypt(i,o,n,l,k,iv)\
-       DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
- #define des_pcbc_encrypt(i,o,l,k,iv,e)\
-       DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
- #define des_quad_cksum(i,o,l,c,s)\
-       DES_quad_cksum((i),(o),(l),(c),(s))
- #define des_random_seed(k)\
-       _ossl_096_des_random_seed((k))
- #define des_random_key(r)\
-       DES_random_key((r))
- #define des_read_password(k,p,v) \
-       DES_read_password((k),(p),(v))
- #define des_read_2passwords(k1,k2,p,v) \
-       DES_read_2passwords((k1),(k2),(p),(v))
- #define des_set_odd_parity(k)\
-       DES_set_odd_parity((k))
- #define des_check_key_parity(k)\
-       DES_check_key_parity((k))
- #define des_is_weak_key(k)\
-       DES_is_weak_key((k))
- #define des_set_key(k,ks)\
-       DES_set_key((k),&(ks))
- #define des_key_sched(k,ks)\
-       DES_key_sched((k),&(ks))
- #define des_set_key_checked(k,ks)\
-       DES_set_key_checked((k),&(ks))
- #define des_set_key_unchecked(k,ks)\
-       DES_set_key_unchecked((k),&(ks))
- #define des_string_to_key(s,k)\
-       DES_string_to_key((s),(k))
- #define des_string_to_2keys(s,k1,k2)\
-       DES_string_to_2keys((s),(k1),(k2))
- #define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-       DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
- #define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-       DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-               
- #define des_ecb2_encrypt(i,o,k1,k2,e) \
-       des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
- #define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-       des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
- #define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-       des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
- #define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-       des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
- #define des_check_key DES_check_key
- #define des_rw_mode DES_rw_mode
- #else /* libdes compatibility */
- /* Map all symbol names to _ossl_old_des_* form, so we avoid all
-    clashes with libdes */
- #define des_cblock _ossl_old_des_cblock
- #define des_key_schedule _ossl_old_des_key_schedule
- #define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-       _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
- #define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-       _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
- #define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-       _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
- #define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-       _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
- #define des_options()\
-       _ossl_old_des_options()
- #define des_cbc_cksum(i,o,l,k,iv)\
-       _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
- #define des_cbc_encrypt(i,o,l,k,iv,e)\
-       _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
- #define des_ncbc_encrypt(i,o,l,k,iv,e)\
-       _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
- #define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-       _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
- #define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-       _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
- #define des_ecb_encrypt(i,o,k,e)\
-       _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
- #define des_encrypt(d,k,e)\
-       _ossl_old_des_encrypt((d),(k),(e))
- #define des_encrypt2(d,k,e)\
-       _ossl_old_des_encrypt2((d),(k),(e))
- #define des_encrypt3(d,k1,k2,k3)\
-       _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
- #define des_decrypt3(d,k1,k2,k3)\
-       _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
- #define des_xwhite_in2out(k,i,o)\
-       _ossl_old_des_xwhite_in2out((k),(i),(o))
- #define des_enc_read(f,b,l,k,iv)\
-       _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
- #define des_enc_write(f,b,l,k,iv)\
-       _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
- #define des_fcrypt(b,s,r)\
-       _ossl_old_des_fcrypt((b),(s),(r))
- #define des_crypt(b,s)\
-       _ossl_old_des_crypt((b),(s))
- #if 0
- #define crypt(b,s)\
-       _ossl_old_crypt((b),(s))
- #endif
- #define des_ofb_encrypt(i,o,n,l,k,iv)\
-       _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
- #define des_pcbc_encrypt(i,o,l,k,iv,e)\
-       _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
- #define des_quad_cksum(i,o,l,c,s)\
-       _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
- #define des_random_seed(k)\
-       _ossl_old_des_random_seed((k))
- #define des_random_key(r)\
-       _ossl_old_des_random_key((r))
- #define des_read_password(k,p,v) \
-       _ossl_old_des_read_password((k),(p),(v))
- #define des_read_2passwords(k1,k2,p,v) \
-       _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
- #define des_set_odd_parity(k)\
-       _ossl_old_des_set_odd_parity((k))
- #define des_is_weak_key(k)\
-       _ossl_old_des_is_weak_key((k))
- #define des_set_key(k,ks)\
-       _ossl_old_des_set_key((k),(ks))
- #define des_key_sched(k,ks)\
-       _ossl_old_des_key_sched((k),(ks))
- #define des_string_to_key(s,k)\
-       _ossl_old_des_string_to_key((s),(k))
- #define des_string_to_2keys(s,k1,k2)\
-       _ossl_old_des_string_to_2keys((s),(k1),(k2))
- #define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-       _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
- #define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-       _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-               
- #define des_ecb2_encrypt(i,o,k1,k2,e) \
-       des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
- #define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-       des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
- #define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-       des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
- #define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-       des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
- #define des_check_key DES_check_key
- #define des_rw_mode DES_rw_mode
- #endif
+ typedef struct _ossl_old_des_ks_struct {
+     union {
+         _ossl_old_des_cblock _;
+         /*
+          * make sure things are correct size on machines with 8 byte longs
+          */
+         DES_LONG pad[2];
+     } ks;
+ } _ossl_old_des_key_schedule[16];
+ # ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+ #  define des_cblock DES_cblock
+ #  define const_des_cblock const_DES_cblock
+ #  define des_key_schedule DES_key_schedule
+ #  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+         DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+ #  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+         DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+ #  define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+         DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+ #  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+         DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+ #  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+         DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+ #  define des_options()\
+         DES_options()
+ #  define des_cbc_cksum(i,o,l,k,iv)\
+         DES_cbc_cksum((i),(o),(l),&(k),(iv))
+ #  define des_cbc_encrypt(i,o,l,k,iv,e)\
+         DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+ #  define des_ncbc_encrypt(i,o,l,k,iv,e)\
+         DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+ #  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+         DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+ #  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+         DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+ #  define des_ecb_encrypt(i,o,k,e)\
+         DES_ecb_encrypt((i),(o),&(k),(e))
+ #  define des_encrypt1(d,k,e)\
+         DES_encrypt1((d),&(k),(e))
+ #  define des_encrypt2(d,k,e)\
+         DES_encrypt2((d),&(k),(e))
+ #  define des_encrypt3(d,k1,k2,k3)\
+         DES_encrypt3((d),&(k1),&(k2),&(k3))
+ #  define des_decrypt3(d,k1,k2,k3)\
+         DES_decrypt3((d),&(k1),&(k2),&(k3))
+ #  define des_xwhite_in2out(k,i,o)\
+         DES_xwhite_in2out((k),(i),(o))
+ #  define des_enc_read(f,b,l,k,iv)\
+         DES_enc_read((f),(b),(l),&(k),(iv))
+ #  define des_enc_write(f,b,l,k,iv)\
+         DES_enc_write((f),(b),(l),&(k),(iv))
+ #  define des_fcrypt(b,s,r)\
+         DES_fcrypt((b),(s),(r))
+ #  if 0
+ #   define des_crypt(b,s)\
+         DES_crypt((b),(s))
 -#   if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
++#   if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) && !defined(__DragonFly__)
+ #    define crypt(b,s)\
+         DES_crypt((b),(s))
+ #   endif
+ #  endif
+ #  define des_ofb_encrypt(i,o,n,l,k,iv)\
+         DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+ #  define des_pcbc_encrypt(i,o,l,k,iv,e)\
+         DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+ #  define des_quad_cksum(i,o,l,c,s)\
+         DES_quad_cksum((i),(o),(l),(c),(s))
+ #  define des_random_seed(k)\
+         _ossl_096_des_random_seed((k))
+ #  define des_random_key(r)\
+         DES_random_key((r))
+ #  define des_read_password(k,p,v) \
+         DES_read_password((k),(p),(v))
+ #  define des_read_2passwords(k1,k2,p,v) \
+         DES_read_2passwords((k1),(k2),(p),(v))
+ #  define des_set_odd_parity(k)\
+         DES_set_odd_parity((k))
+ #  define des_check_key_parity(k)\
+         DES_check_key_parity((k))
+ #  define des_is_weak_key(k)\
+         DES_is_weak_key((k))
+ #  define des_set_key(k,ks)\
+         DES_set_key((k),&(ks))
+ #  define des_key_sched(k,ks)\
+         DES_key_sched((k),&(ks))
+ #  define des_set_key_checked(k,ks)\
+         DES_set_key_checked((k),&(ks))
+ #  define des_set_key_unchecked(k,ks)\
+         DES_set_key_unchecked((k),&(ks))
+ #  define des_string_to_key(s,k)\
+         DES_string_to_key((s),(k))
+ #  define des_string_to_2keys(s,k1,k2)\
+         DES_string_to_2keys((s),(k1),(k2))
+ #  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+         DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+ #  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+         DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+ #  define des_ecb2_encrypt(i,o,k1,k2,e) \
+         des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+ #  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+         des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+ #  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+         des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+ #  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+         des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+ #  define des_check_key DES_check_key
+ #  define des_rw_mode DES_rw_mode
+ # else                          /* libdes compatibility */
+ /*
+  * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
+  * libdes
+  */
+ #  define des_cblock _ossl_old_des_cblock
+ #  define des_key_schedule _ossl_old_des_key_schedule
+ #  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+         _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+ #  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+         _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+ #  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+         _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+ #  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+         _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+ #  define des_options()\
+         _ossl_old_des_options()
+ #  define des_cbc_cksum(i,o,l,k,iv)\
+         _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+ #  define des_cbc_encrypt(i,o,l,k,iv,e)\
+         _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+ #  define des_ncbc_encrypt(i,o,l,k,iv,e)\
+         _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+ #  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+         _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+ #  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+         _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+ #  define des_ecb_encrypt(i,o,k,e)\
+         _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+ #  define des_encrypt(d,k,e)\
+         _ossl_old_des_encrypt((d),(k),(e))
+ #  define des_encrypt2(d,k,e)\
+         _ossl_old_des_encrypt2((d),(k),(e))
+ #  define des_encrypt3(d,k1,k2,k3)\
+         _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+ #  define des_decrypt3(d,k1,k2,k3)\
+         _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+ #  define des_xwhite_in2out(k,i,o)\
+         _ossl_old_des_xwhite_in2out((k),(i),(o))
+ #  define des_enc_read(f,b,l,k,iv)\
+         _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+ #  define des_enc_write(f,b,l,k,iv)\
+         _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+ #  define des_fcrypt(b,s,r)\
+         _ossl_old_des_fcrypt((b),(s),(r))
+ #  define des_crypt(b,s)\
+         _ossl_old_des_crypt((b),(s))
+ #  if 0
+ #   define crypt(b,s)\
+         _ossl_old_crypt((b),(s))
+ #  endif
+ #  define des_ofb_encrypt(i,o,n,l,k,iv)\
+         _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+ #  define des_pcbc_encrypt(i,o,l,k,iv,e)\
+         _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+ #  define des_quad_cksum(i,o,l,c,s)\
+         _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+ #  define des_random_seed(k)\
+         _ossl_old_des_random_seed((k))
+ #  define des_random_key(r)\
+         _ossl_old_des_random_key((r))
+ #  define des_read_password(k,p,v) \
+         _ossl_old_des_read_password((k),(p),(v))
+ #  define des_read_2passwords(k1,k2,p,v) \
+         _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+ #  define des_set_odd_parity(k)\
+         _ossl_old_des_set_odd_parity((k))
+ #  define des_is_weak_key(k)\
+         _ossl_old_des_is_weak_key((k))
+ #  define des_set_key(k,ks)\
+         _ossl_old_des_set_key((k),(ks))
+ #  define des_key_sched(k,ks)\
+         _ossl_old_des_key_sched((k),(ks))
+ #  define des_string_to_key(s,k)\
+         _ossl_old_des_string_to_key((s),(k))
+ #  define des_string_to_2keys(s,k1,k2)\
+         _ossl_old_des_string_to_2keys((s),(k1),(k2))
+ #  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+         _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+ #  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+         _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+ #  define des_ecb2_encrypt(i,o,k1,k2,e) \
+         des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+ #  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+         des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+ #  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+         des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+ #  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+         des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+ #  define des_check_key DES_check_key
+ #  define des_rw_mode DES_rw_mode
+ # endif
  
  const char *_ossl_old_des_options(void);
- void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-       _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
-       _ossl_old_des_key_schedule ks3, int enc);
- DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-       long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
- void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
- void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
- void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
-       _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
- void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-       long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
- void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-       _ossl_old_des_key_schedule ks,int enc);
- void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
- void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+ void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output,
+                                 _ossl_old_des_key_schedule ks1,
+                                 _ossl_old_des_key_schedule ks2,
+                                 _ossl_old_des_key_schedule ks3, int enc);
+ DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
+                                  _ossl_old_des_cblock *output, long length,
+                                  _ossl_old_des_key_schedule schedule,
+                                  _ossl_old_des_cblock *ivec);
+ void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                _ossl_old_des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc);
+ void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output, long length,
+                                 _ossl_old_des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int enc);
+ void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output, long length,
+                                 _ossl_old_des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec,
+                                 _ossl_old_des_cblock *inw,
+                                 _ossl_old_des_cblock *outw, int enc);
+ void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
+                                int numbits, long length,
+                                _ossl_old_des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc);
+ void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output,
+                                _ossl_old_des_key_schedule ks, int enc);
+ void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
+                            int enc);
+ void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
+                             int enc);
  void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-       _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+                             _ossl_old_des_key_schedule ks2,
+                             _ossl_old_des_key_schedule ks3);
  void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-       _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
- void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
-       long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
-       _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
+                             _ossl_old_des_key_schedule ks2,
+                             _ossl_old_des_key_schedule ks3);
+ void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
+                                     _ossl_old_des_cblock *output, long length,
+                                     _ossl_old_des_key_schedule ks1,
+                                     _ossl_old_des_key_schedule ks2,
+                                     _ossl_old_des_key_schedule ks3,
+                                     _ossl_old_des_cblock *ivec, int enc);
  void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-       long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
-       _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
+                                       long length,
+                                       _ossl_old_des_key_schedule ks1,
+                                       _ossl_old_des_key_schedule ks2,
+                                       _ossl_old_des_key_schedule ks3,
+                                       _ossl_old_des_cblock *ivec, int *num,
+                                       int enc);
  void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-       long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
-       _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
- #if 0
- void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
-       _ossl_old_des_cblock (*out_white));
- #endif
- int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
-       _ossl_old_des_cblock *iv);
- int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
-       _ossl_old_des_cblock *iv);
- char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
- char *_ossl_old_des_crypt(const char *buf,const char *salt);
- #if !defined(PERL5) && !defined(NeXT)
- char *_ossl_old_crypt(const char *buf,const char *salt);
- #endif
- void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
-       int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
- void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
- DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-       long length,int out_count,_ossl_old_des_cblock *seed);
+                                       long length,
+                                       _ossl_old_des_key_schedule ks1,
+                                       _ossl_old_des_key_schedule ks2,
+                                       _ossl_old_des_key_schedule ks3,
+                                       _ossl_old_des_cblock *ivec, int *num);
+ # if 0
+ void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
+                                  _ossl_old_des_cblock (*in_white),
+                                  _ossl_old_des_cblock (*out_white));
+ # endif
+ int _ossl_old_des_enc_read(int fd, char *buf, int len,
+                            _ossl_old_des_key_schedule sched,
+                            _ossl_old_des_cblock *iv);
+ int _ossl_old_des_enc_write(int fd, char *buf, int len,
+                             _ossl_old_des_key_schedule sched,
+                             _ossl_old_des_cblock *iv);
+ char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
+ char *_ossl_old_des_crypt(const char *buf, const char *salt);
+ # if !defined(PERL5) && !defined(NeXT)
+ char *_ossl_old_crypt(const char *buf, const char *salt);
+ # endif
+ void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
+                                int numbits, long length,
+                                _ossl_old_des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec);
+ void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output, long length,
+                                 _ossl_old_des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int enc);
+ DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
+                                   _ossl_old_des_cblock *output, long length,
+                                   int out_count, _ossl_old_des_cblock *seed);
  void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
  void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
- int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
- int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
-       const char *prompt,int verify);
+ int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+                                 int verify);
+ int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
+                                   _ossl_old_des_cblock *key2,
+                                   const char *prompt, int verify);
  void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
  int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
- int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
- int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
- void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
- void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
- void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-       _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
- void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-       _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
+ int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
+                           _ossl_old_des_key_schedule schedule);
+ int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
+                             _ossl_old_des_key_schedule schedule);
+ void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
+ void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
+                                    _ossl_old_des_cblock *key2);
+ void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                                  long length,
+                                  _ossl_old_des_key_schedule schedule,
+                                  _ossl_old_des_cblock *ivec, int *num,
+                                  int enc);
+ void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
+                                  long length,
+                                  _ossl_old_des_key_schedule schedule,
+                                  _ossl_old_des_cblock *ivec, int *num);
  
  void _ossl_096_des_random_seed(des_cblock *key);
  
- /* The following definitions provide compatibility with the MIT Kerberos
-  * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
+ /*
+  * The following definitions provide compatibility with the MIT Kerberos
+  * library. The _ossl_old_des_key_schedule structure is not binary
+  * compatible.
+  */
  
- #define _KERBEROS_DES_H
+ # define _KERBEROS_DES_H
  
- #define KRBDES_ENCRYPT DES_ENCRYPT
- #define KRBDES_DECRYPT DES_DECRYPT
+ # define KRBDES_ENCRYPT DES_ENCRYPT
+ # define KRBDES_DECRYPT DES_DECRYPT
  
- #ifdef KERBEROS
+ # ifdef KERBEROS
  #  define ENCRYPT DES_ENCRYPT
  #  define DECRYPT DES_DECRYPT
- #endif
+ # endif
  
- #ifndef NCOMPAT
+ # ifndef NCOMPAT
  #  define C_Block des_cblock
  #  define Key_schedule des_key_schedule
  #  define KEY_SZ DES_KEY_SZ
  #  define cbc_cksum des_cbc_cksum
  #  define quad_cksum des_quad_cksum
  #  define check_parity des_check_key_parity
- #endif
+ # endif
  
- #define des_fixup_key_parity DES_fixup_key_parity
+ # define des_fixup_key_parity DES_fixup_key_parity
  
  #ifdef  __cplusplus
  }
  #endif
  
  /* for DES_read_pw_string et al */
- #include <openssl/ui_compat.h>
+ # include <openssl/ui_compat.h>
  
  #endif
@@@ -1,6 -1,7 +1,7 @@@
  /* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
- /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
-  * project 2000.
+ /*
+  * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
+  * 2000.
   */
  /* ====================================================================
   * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
@@@ -10,7 -11,7 +11,7 @@@
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
-  *    notice, this list of conditions and the following disclaimer. 
+  *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
  #include "eng_int.h"
  
  void ENGINE_load_builtin_engines(void)
      {
-       /* Some ENGINEs need this */
-       OPENSSL_cpuid_setup();
+ {
+     /* Some ENGINEs need this */
+     OPENSSL_cpuid_setup();
  #if 0
-       /* There's no longer any need for an "openssl" ENGINE unless, one day,
-        * it is the *only* way for standard builtin implementations to be be
-        * accessed (ie. it would be possible to statically link binaries with
-        * *no* builtin implementations). */
-       ENGINE_load_openssl();
+     /*
+      * There's no longer any need for an "openssl" ENGINE unless, one day, it
+      * is the *only* way for standard builtin implementations to be be
+      * accessed (ie. it would be possible to statically link binaries with
+      * *no* builtin implementations).
+      */
+     ENGINE_load_openssl();
  #endif
 -#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
 +#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV))
-       ENGINE_load_cryptodev();
+     ENGINE_load_cryptodev();
  #endif
  #ifndef OPENSSL_NO_RSAX
-       ENGINE_load_rsax();
+     ENGINE_load_rsax();
  #endif
  #ifndef OPENSSL_NO_RDRAND
-       ENGINE_load_rdrand();
+     ENGINE_load_rdrand();
  #endif
-       ENGINE_load_dynamic();
+     ENGINE_load_dynamic();
  #ifndef OPENSSL_NO_STATIC_ENGINE
- #ifndef OPENSSL_NO_HW
- #ifndef OPENSSL_NO_HW_4758_CCA
-       ENGINE_load_4758cca();
- #endif
- #ifndef OPENSSL_NO_HW_AEP
-       ENGINE_load_aep();
- #endif
- #ifndef OPENSSL_NO_HW_ATALLA
-       ENGINE_load_atalla();
- #endif
- #ifndef OPENSSL_NO_HW_CSWIFT
-       ENGINE_load_cswift();
- #endif
- #ifndef OPENSSL_NO_HW_NCIPHER
-       ENGINE_load_chil();
- #endif
- #ifndef OPENSSL_NO_HW_NURON
-       ENGINE_load_nuron();
- #endif
- #ifndef OPENSSL_NO_HW_SUREWARE
-       ENGINE_load_sureware();
- #endif
- #ifndef OPENSSL_NO_HW_UBSEC
-       ENGINE_load_ubsec();
- #endif
- #ifndef OPENSSL_NO_HW_PADLOCK
-       ENGINE_load_padlock();
- #endif
- #endif
- #ifndef OPENSSL_NO_GOST
-       ENGINE_load_gost();
- #endif
- #ifndef OPENSSL_NO_GMP
-       ENGINE_load_gmp();
- #endif
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-       ENGINE_load_capi();
- #endif
- #endif
-       ENGINE_register_all_complete();
      }
+ # ifndef OPENSSL_NO_HW
+ #  ifndef OPENSSL_NO_HW_4758_CCA
+     ENGINE_load_4758cca();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_AEP
+     ENGINE_load_aep();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_ATALLA
+     ENGINE_load_atalla();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_CSWIFT
+     ENGINE_load_cswift();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_NCIPHER
+     ENGINE_load_chil();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_NURON
+     ENGINE_load_nuron();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_SUREWARE
+     ENGINE_load_sureware();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_UBSEC
+     ENGINE_load_ubsec();
+ #  endif
+ #  ifndef OPENSSL_NO_HW_PADLOCK
+     ENGINE_load_padlock();
+ #  endif
+ # endif
+ # ifndef OPENSSL_NO_GOST
+     ENGINE_load_gost();
+ # endif
+ # ifndef OPENSSL_NO_GMP
+     ENGINE_load_gmp();
+ # endif
+ # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+     ENGINE_load_capi();
+ # endif
+ #endif
+     ENGINE_register_all_complete();
+ }
  
 -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV)
- void ENGINE_setup_bsd_cryptodev(void) {
-       static int bsd_cryptodev_default_loaded = 0;
-       if (!bsd_cryptodev_default_loaded) {
-               ENGINE_load_cryptodev();
-               ENGINE_register_all_complete();
-       }
-       bsd_cryptodev_default_loaded=1;
+ void ENGINE_setup_bsd_cryptodev(void)
+ {
+     static int bsd_cryptodev_default_loaded = 0;
+     if (!bsd_cryptodev_default_loaded) {
+         ENGINE_load_cryptodev();
+         ENGINE_register_all_complete();
+     }
+     bsd_cryptodev_default_loaded = 1;
  }
  #endif
@@@ -32,9 -32,9 +32,9 @@@
  #include <openssl/bn.h>
  
  #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-       (defined(OpenBSD) || defined(__FreeBSD__) || defined(__DragonFly__))
- #include <sys/param.h>
 -        (defined(OpenBSD) || defined(__FreeBSD__))
++        (defined(OpenBSD) || defined(__FreeBSD__) || defined(__DragonFly__))
+ # include <sys/param.h>
 -# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
 +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || (__DragonFly_version >= 200500)
  #  define HAVE_CRYPTODEV
  # endif
  # if (OpenBSD >= 200110)
  
  #ifndef HAVE_CRYPTODEV
  
- void
- ENGINE_load_cryptodev(void)
+ void ENGINE_load_cryptodev(void)
  {
-       /* This is a NOP on platforms without /dev/crypto */
-       return;
+     /* This is a NOP on platforms without /dev/crypto */
+     return;
  }
  
- #else 
-  
- #include <sys/types.h>
- #include <crypto/cryptodev.h>
- #include <crypto/dh/dh.h>
- #include <crypto/dsa/dsa.h>
- #include <crypto/err/err.h>
- #include <crypto/rsa/rsa.h>
- #include <sys/ioctl.h>
- #include <errno.h>
- #include <stdio.h>
- #include <unistd.h>
- #include <fcntl.h>
- #include <stdarg.h>
- #include <syslog.h>
- #include <errno.h>
- #include <string.h>
- struct dev_crypto_state {
-       struct session_op d_sess;
-       int d_fd;
+ #else
  
- #ifdef USE_CRYPTODEV_DIGESTS
-       char dummy_mac_key[HASH_MAX_LEN];
+ # include <sys/types.h>
+ # include <crypto/cryptodev.h>
+ # include <crypto/dh/dh.h>
+ # include <crypto/dsa/dsa.h>
+ # include <crypto/err/err.h>
+ # include <crypto/rsa/rsa.h>
+ # include <sys/ioctl.h>
+ # include <errno.h>
+ # include <stdio.h>
+ # include <unistd.h>
+ # include <fcntl.h>
+ # include <stdarg.h>
+ # include <syslog.h>
+ # include <errno.h>
+ # include <string.h>
  
-       unsigned char digest_res[HASH_MAX_LEN];
-       char *mac_data;
-       int mac_len;
- #endif
+ struct dev_crypto_state {
+     struct session_op d_sess;
+     int d_fd;
+ # ifdef USE_CRYPTODEV_DIGESTS
+     char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+     char *mac_data;
+     int mac_len;
+ # endif
  };
  
  static u_int32_t cryptodev_asymfeat = 0;
@@@ -88,147 -85,185 +85,185 @@@ static int get_asym_dev_crypto(void)
  static int open_dev_crypto(void);
  static int get_dev_crypto(void);
  static int get_cryptodev_ciphers(const int **cnids);
- #ifdef USE_CRYPTODEV_DIGESTS
+ # ifdef USE_CRYPTODEV_DIGESTS
  static int get_cryptodev_digests(const int **cnids);
- #endif
+ # endif
  static int cryptodev_usable_ciphers(const int **nids);
  static int cryptodev_usable_digests(const int **nids);
  static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-     const unsigned char *in, size_t inl);
+                             const unsigned char *in, size_t inl);
  static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-     const unsigned char *iv, int enc);
+                               const unsigned char *iv, int enc);
  static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
  static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-     const int **nids, int nid);
+                                     const int **nids, int nid);
  static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-     const int **nids, int nid);
+                                     const int **nids, int nid);
  static int bn2crparam(const BIGNUM *a, struct crparam *crp);
  static int crparam2bn(struct crparam *crp, BIGNUM *a);
  static void zapparams(struct crypt_kop *kop);
  static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
-     int slen, BIGNUM *s);
+                           int slen, BIGNUM *s);
  
  static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
-     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-     RSA *rsa, BN_CTX *ctx);
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+                                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                 BN_MONT_CTX *m_ctx);
+ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                        BN_CTX *ctx);
+ static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                  BN_CTX *ctx);
  static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+                                     const BIGNUM *p, const BIGNUM *m,
+                                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-     BN_CTX *ctx, BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-     int dlen, DSA *dsa);
+                                      BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+                                      BIGNUM *p, BN_CTX *ctx,
+                                      BN_MONT_CTX *mont);
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                       DSA *dsa);
  static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-     DSA_SIG *sig, DSA *dsa);
+                                 DSA_SIG *sig, DSA *dsa);
  static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-     BN_MONT_CTX *m_ctx);
- static int cryptodev_dh_compute_key(unsigned char *key,
-     const BIGNUM *pub_key, DH *dh);
+                                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                 BN_MONT_CTX *m_ctx);
+ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+                                     DH *dh);
  static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-     void (*f)(void));
+                           void (*f) (void));
  void ENGINE_load_cryptodev(void);
  
  static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-       { 0, NULL, NULL, 0 }
+     {0, NULL, NULL, 0}
  };
  
  static struct {
-       int     id;
-       int     nid;
-       int     ivmax;
-       int     keylen;
+     int id;
+     int nid;
+     int ivmax;
+     int keylen;
  } ciphers[] = {
-       { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
-       { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
-       { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
-       { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
-       { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
-       { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
-       { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
-       { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
-       { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
-       { 0,                            NID_undef,              0,       0, },
+     {
+         CRYPTO_ARC4, NID_rc4, 0, 16,
+     },
+     {
+         CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+     },
+     {
+         CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+     },
+     {
+         CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+     },
+     {
+         CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
+     },
+     {
+         CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
+     },
+     {
+         CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+     },
+     {
+         CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+     },
+     {
+         CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+     },
+     {
+         0, NID_undef, 0, 0,
+     },
  };
  
- #ifdef USE_CRYPTODEV_DIGESTS
+ # ifdef USE_CRYPTODEV_DIGESTS
  static struct {
-       int     id;
-       int     nid;
-       int     keylen;
+     int id;
+     int nid;
+     int keylen;
  } digests[] = {
-       { CRYPTO_MD5_HMAC,              NID_hmacWithMD5,        16},
-       { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       20},
-       { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          16/*?*/},
-       { CRYPTO_MD5_KPDK,              NID_undef,              0},
-       { CRYPTO_SHA1_KPDK,             NID_undef,              0},
-       { CRYPTO_MD5,                   NID_md5,                16},
-       { CRYPTO_SHA1,                  NID_sha1,               20},
-       { 0,                            NID_undef,              0},
+     {
+         CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
+     },
+     {
+         CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
+     },
+     {
+         CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
+         /* ? */
+     },
+     {
+         CRYPTO_MD5_KPDK, NID_undef, 0
+     },
+     {
+         CRYPTO_SHA1_KPDK, NID_undef, 0
+     },
+     {
+         CRYPTO_MD5, NID_md5, 16
+     },
+     {
+         CRYPTO_SHA1, NID_sha1, 20
+     },
+     {
+         0, NID_undef, 0
+     },
  };
- #endif
+ # endif
  
  /*
   * Return a fd if /dev/crypto seems usable, 0 otherwise.
   */
- static int
- open_dev_crypto(void)
+ static int open_dev_crypto(void)
  {
-       static int fd = -1;
-       if (fd == -1) {
-               if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-                       return (-1);
-               /* close on exec */
-               if (fcntl(fd, F_SETFD, 1) == -1) {
-                       close(fd);
-                       fd = -1;
-                       return (-1);
-               }
-       }
-       return (fd);
+     static int fd = -1;
+     if (fd == -1) {
+         if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+             return (-1);
+         /* close on exec */
+         if (fcntl(fd, F_SETFD, 1) == -1) {
+             close(fd);
+             fd = -1;
+             return (-1);
+         }
+     }
+     return (fd);
  }
  
- static int
- get_dev_crypto(void)
+ static int get_dev_crypto(void)
  {
-       int fd, retfd;
-       if ((fd = open_dev_crypto()) == -1)
-               return (-1);
- #ifndef CRIOGET_NOT_NEEDED
-       if (ioctl(fd, CRIOGET, &retfd) == -1)
-               return (-1);
-       /* close on exec */
-       if (fcntl(retfd, F_SETFD, 1) == -1) {
-               close(retfd);
-               return (-1);
-       }
- #else
-         retfd = fd;
- #endif
-       return (retfd);
+     int fd, retfd;
+     if ((fd = open_dev_crypto()) == -1)
+         return (-1);
+ # ifndef CRIOGET_NOT_NEEDED
+     if (ioctl(fd, CRIOGET, &retfd) == -1)
+         return (-1);
+     /* close on exec */
+     if (fcntl(retfd, F_SETFD, 1) == -1) {
+         close(retfd);
+         return (-1);
+     }
+ # else
+     retfd = fd;
+ # endif
+     return (retfd);
  }
  
  static void put_dev_crypto(int fd)
  {
- #ifndef CRIOGET_NOT_NEEDED
-       close(fd);
- #endif
+ # ifndef CRIOGET_NOT_NEEDED
+     close(fd);
+ # endif
  }
  
  /* Caching version for asym operations */
- static int
- get_asym_dev_crypto(void)
+ static int get_asym_dev_crypto(void)
  {
-       static int fd = -1;
+     static int fd = -1;
  
-       if (fd == -1)
-               fd = get_dev_crypto();
-       return fd;
+     if (fd == -1)
+         fd = get_dev_crypto();
+     return fd;
  }
  
  /*
   * returning them here is harmless, as long as we return NULL
   * when asked for a handler in the cryptodev_engine_ciphers routine
   */
- static int
- get_cryptodev_ciphers(const int **cnids)
+ static int get_cryptodev_ciphers(const int **cnids)
  {
-       static int nids[CRYPTO_ALGORITHM_MAX];
-       struct session_op sess;
-       int fd, i, count = 0;
-       if ((fd = get_dev_crypto()) < 0) {
-               *cnids = NULL;
-               return (0);
-       }
-       memset(&sess, 0, sizeof(sess));
-       sess.key = (caddr_t)"123456789abcdefghijklmno";
-       for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-               if (ciphers[i].nid == NID_undef)
-                       continue;
-               sess.cipher = ciphers[i].id;
-               sess.keylen = ciphers[i].keylen;
-               sess.mac = 0;
-               if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-                   ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-                       nids[count++] = ciphers[i].nid;
-       }
-       put_dev_crypto(fd);
-       if (count > 0)
-               *cnids = nids;
-       else
-               *cnids = NULL;
-       return (count);
+     static int nids[CRYPTO_ALGORITHM_MAX];
+     struct session_op sess;
+     int fd, i, count = 0;
+     if ((fd = get_dev_crypto()) < 0) {
+         *cnids = NULL;
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+     sess.key = (caddr_t) "123456789abcdefghijklmno";
+     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (ciphers[i].nid == NID_undef)
+             continue;
+         sess.cipher = ciphers[i].id;
+         sess.keylen = ciphers[i].keylen;
+         sess.mac = 0;
+         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+             nids[count++] = ciphers[i].nid;
+     }
+     put_dev_crypto(fd);
+     if (count > 0)
+         *cnids = nids;
+     else
+         *cnids = NULL;
+     return (count);
  }
  
- #ifdef USE_CRYPTODEV_DIGESTS
+ # ifdef USE_CRYPTODEV_DIGESTS
  /*
   * Find out what digests /dev/crypto will let us have a session for.
   * XXX note, that some of these openssl doesn't deal with yet!
   * returning them here is harmless, as long as we return NULL
   * when asked for a handler in the cryptodev_engine_digests routine
   */
- static int
- get_cryptodev_digests(const int **cnids)
+ static int get_cryptodev_digests(const int **cnids)
  {
-       static int nids[CRYPTO_ALGORITHM_MAX];
-       struct session_op sess;
-       int fd, i, count = 0;
-       if ((fd = get_dev_crypto()) < 0) {
-               *cnids = NULL;
-               return (0);
-       }
-       memset(&sess, 0, sizeof(sess));
-       sess.mackey = (caddr_t)"123456789abcdefghijklmno";
-       for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-               if (digests[i].nid == NID_undef)
-                       continue;
-               sess.mac = digests[i].id;
-               sess.mackeylen = digests[i].keylen;
-               sess.cipher = 0;
-               if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-                   ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-                       nids[count++] = digests[i].nid;
-       }
-       put_dev_crypto(fd);
-       if (count > 0)
-               *cnids = nids;
-       else
-               *cnids = NULL;
-       return (count);
+     static int nids[CRYPTO_ALGORITHM_MAX];
+     struct session_op sess;
+     int fd, i, count = 0;
+     if ((fd = get_dev_crypto()) < 0) {
+         *cnids = NULL;
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+     sess.mackey = (caddr_t) "123456789abcdefghijklmno";
+     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (digests[i].nid == NID_undef)
+             continue;
+         sess.mac = digests[i].id;
+         sess.mackeylen = digests[i].keylen;
+         sess.cipher = 0;
+         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+             nids[count++] = digests[i].nid;
+     }
+     put_dev_crypto(fd);
+     if (count > 0)
+         *cnids = nids;
+     else
+         *cnids = NULL;
+     return (count);
  }
- #endif  /* 0 */
+ # endif                         /* 0 */
  
  /*
   * Find the useable ciphers|digests from dev/crypto - this is the first
   * want most of the decisions made about what we actually want
   * to use from /dev/crypto.
   */
- static int
- cryptodev_usable_ciphers(const int **nids)
+ static int cryptodev_usable_ciphers(const int **nids)
  {
-       return (get_cryptodev_ciphers(nids));
+     return (get_cryptodev_ciphers(nids));
  }
  
- static int
- cryptodev_usable_digests(const int **nids)
+ static int cryptodev_usable_digests(const int **nids)
  {
- #ifdef USE_CRYPTODEV_DIGESTS
-       return (get_cryptodev_digests(nids));
- #else
-       /*
-        * XXXX just disable all digests for now, because it sucks.
-        * we need a better way to decide this - i.e. I may not
-        * want digests on slow cards like hifn on fast machines,
-        * but might want them on slow or loaded machines, etc.
-        * will also want them when using crypto cards that don't
-        * suck moose gonads - would be nice to be able to decide something
-        * as reasonable default without having hackery that's card dependent.
-        * of course, the default should probably be just do everything,
-        * with perhaps a sysctl to turn algoritms off (or have them off
-        * by default) on cards that generally suck like the hifn.
-        */
-       *nids = NULL;
-       return (0);
- #endif
+ # ifdef USE_CRYPTODEV_DIGESTS
+     return (get_cryptodev_digests(nids));
+ # else
+     /*
+      * XXXX just disable all digests for now, because it sucks.
+      * we need a better way to decide this - i.e. I may not
+      * want digests on slow cards like hifn on fast machines,
+      * but might want them on slow or loaded machines, etc.
+      * will also want them when using crypto cards that don't
+      * suck moose gonads - would be nice to be able to decide something
+      * as reasonable default without having hackery that's card dependent.
+      * of course, the default should probably be just do everything,
+      * with perhaps a sysctl to turn algoritms off (or have them off
+      * by default) on cards that generally suck like the hifn.
+      */
+     *nids = NULL;
+     return (0);
+ # endif
  }
  
  static int
  cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-     const unsigned char *in, size_t inl)
+                  const unsigned char *in, size_t inl)
  {
-       struct crypt_op cryp;
-       struct dev_crypto_state *state = ctx->cipher_data;
-       struct session_op *sess = &state->d_sess;
-       const void *iiv;
-       unsigned char save_iv[EVP_MAX_IV_LENGTH];
-       if (state->d_fd < 0)
-               return (0);
-       if (!inl)
-               return (1);
-       if ((inl % ctx->cipher->block_size) != 0)
-               return (0);
-       memset(&cryp, 0, sizeof(cryp));
-       cryp.ses = sess->ses;
-       cryp.flags = 0;
-       cryp.len = inl;
-       cryp.src = (caddr_t) in;
-       cryp.dst = (caddr_t) out;
-       cryp.mac = 0;
-       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-       if (ctx->cipher->iv_len) {
-               cryp.iv = (caddr_t) ctx->iv;
-               if (!ctx->encrypt) {
-                       iiv = in + inl - ctx->cipher->iv_len;
-                       memcpy(save_iv, iiv, ctx->cipher->iv_len);
-               }
-       } else
-               cryp.iv = NULL;
-       if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-               /* XXX need better errror handling
-                * this can fail for a number of different reasons.
-                */
-               return (0);
-       }
-       if (ctx->cipher->iv_len) {
-               if (ctx->encrypt)
-                       iiv = out + inl - ctx->cipher->iv_len;
-               else
-                       iiv = save_iv;
-               memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-       }
-       return (1);
+     struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->cipher_data;
+     struct session_op *sess = &state->d_sess;
+     const void *iiv;
+     unsigned char save_iv[EVP_MAX_IV_LENGTH];
+     if (state->d_fd < 0)
+         return (0);
+     if (!inl)
+         return (1);
+     if ((inl % ctx->cipher->block_size) != 0)
+         return (0);
+     memset(&cryp, 0, sizeof(cryp));
+     cryp.ses = sess->ses;
+     cryp.flags = 0;
+     cryp.len = inl;
+     cryp.src = (caddr_t) in;
+     cryp.dst = (caddr_t) out;
+     cryp.mac = 0;
+     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+     if (ctx->cipher->iv_len) {
+         cryp.iv = (caddr_t) ctx->iv;
+         if (!ctx->encrypt) {
+             iiv = in + inl - ctx->cipher->iv_len;
+             memcpy(save_iv, iiv, ctx->cipher->iv_len);
+         }
+     } else
+         cryp.iv = NULL;
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+         /*
+          * XXX need better errror handling this can fail for a number of
+          * different reasons.
+          */
+         return (0);
+     }
+     if (ctx->cipher->iv_len) {
+         if (ctx->encrypt)
+             iiv = out + inl - ctx->cipher->iv_len;
+         else
+             iiv = save_iv;
+         memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+     }
+     return (1);
  }
  
  static int
  cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-     const unsigned char *iv, int enc)
+                    const unsigned char *iv, int enc)
  {
-       struct dev_crypto_state *state = ctx->cipher_data;
-       struct session_op *sess = &state->d_sess;
-       int cipher = -1, i;
-       for (i = 0; ciphers[i].id; i++)
-               if (ctx->cipher->nid == ciphers[i].nid &&
-                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
-                   ctx->key_len == ciphers[i].keylen) {
-                       cipher = ciphers[i].id;
-                       break;
-               }
-       if (!ciphers[i].id) {
-               state->d_fd = -1;
-               return (0);
-       }
-       memset(sess, 0, sizeof(struct session_op));
-       if ((state->d_fd = get_dev_crypto()) < 0)
-               return (0);
-       sess->key = (caddr_t)key;
-       sess->keylen = ctx->key_len;
-       sess->cipher = cipher;
-       if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-               put_dev_crypto(state->d_fd);
-               state->d_fd = -1;
-               return (0);
-       }
-       return (1);
+     struct dev_crypto_state *state = ctx->cipher_data;
+     struct session_op *sess = &state->d_sess;
+     int cipher = -1, i;
+     for (i = 0; ciphers[i].id; i++)
+         if (ctx->cipher->nid == ciphers[i].nid &&
+             ctx->cipher->iv_len <= ciphers[i].ivmax &&
+             ctx->key_len == ciphers[i].keylen) {
+             cipher = ciphers[i].id;
+             break;
+         }
+     if (!ciphers[i].id) {
+         state->d_fd = -1;
+         return (0);
+     }
+     memset(sess, 0, sizeof(struct session_op));
+     if ((state->d_fd = get_dev_crypto()) < 0)
+         return (0);
+     sess->key = (caddr_t) key;
+     sess->keylen = ctx->key_len;
+     sess->cipher = cipher;
+     if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+         put_dev_crypto(state->d_fd);
+         state->d_fd = -1;
+         return (0);
+     }
+     return (1);
  }
  
  /*
   * free anything we allocated earlier when initting a
   * session, and close the session.
   */
- static int
- cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
  {
-       int ret = 0;
-       struct dev_crypto_state *state = ctx->cipher_data;
-       struct session_op *sess = &state->d_sess;
-       if (state->d_fd < 0)
-               return (0);
-       /* XXX if this ioctl fails, someting's wrong. the invoker
-        * may have called us with a bogus ctx, or we could
-        * have a device that for whatever reason just doesn't
-        * want to play ball - it's not clear what's right
-        * here - should this be an error? should it just
-        * increase a counter, hmm. For right now, we return
-        * 0 - I don't believe that to be "right". we could
-        * call the gorpy openssl lib error handlers that
-        * print messages to users of the library. hmm..
-        */
-       if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-               ret = 0;
-       } else {
-               ret = 1;
-       }
-       put_dev_crypto(state->d_fd);
-       state->d_fd = -1;
-       return (ret);
+     int ret = 0;
+     struct dev_crypto_state *state = ctx->cipher_data;
+     struct session_op *sess = &state->d_sess;
+     if (state->d_fd < 0)
+         return (0);
+     /*
+      * XXX if this ioctl fails, someting's wrong. the invoker may have called
+      * us with a bogus ctx, or we could have a device that for whatever
+      * reason just doesn't want to play ball - it's not clear what's right
+      * here - should this be an error? should it just increase a counter,
+      * hmm. For right now, we return 0 - I don't believe that to be "right".
+      * we could call the gorpy openssl lib error handlers that print messages
+      * to users of the library. hmm..
+      */
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+         ret = 0;
+     } else {
+         ret = 1;
+     }
+     put_dev_crypto(state->d_fd);
+     state->d_fd = -1;
+     return (ret);
  }
  
  /*
  
  /* RC4 */
  const EVP_CIPHER cryptodev_rc4 = {
-       NID_rc4,
-       1, 16, 0,
-       EVP_CIPH_VARIABLE_LENGTH,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       NULL,
-       NULL,
-       NULL
+     NID_rc4,
+     1, 16, 0,
+     EVP_CIPH_VARIABLE_LENGTH,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     NULL,
+     NULL,
+     NULL
  };
  
  /* DES CBC EVP */
  const EVP_CIPHER cryptodev_des_cbc = {
-       NID_des_cbc,
-       8, 8, 8,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_des_cbc,
+     8, 8, 8,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  /* 3DES CBC EVP */
  const EVP_CIPHER cryptodev_3des_cbc = {
-       NID_des_ede3_cbc,
-       8, 24, 8,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_des_ede3_cbc,
+     8, 24, 8,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  const EVP_CIPHER cryptodev_bf_cbc = {
-       NID_bf_cbc,
-       8, 16, 8,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_bf_cbc,
+     8, 16, 8,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  const EVP_CIPHER cryptodev_cast_cbc = {
-       NID_cast5_cbc,
-       8, 16, 8,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_cast5_cbc,
+     8, 16, 8,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  const EVP_CIPHER cryptodev_aes_cbc = {
-       NID_aes_128_cbc,
-       16, 16, 16,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_aes_128_cbc,
+     16, 16, 16,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  const EVP_CIPHER cryptodev_aes_192_cbc = {
-       NID_aes_192_cbc,
-       16, 24, 16,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_aes_192_cbc,
+     16, 24, 16,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  const EVP_CIPHER cryptodev_aes_256_cbc = {
-       NID_aes_256_cbc,
-       16, 32, 16,
-       EVP_CIPH_CBC_MODE,
-       cryptodev_init_key,
-       cryptodev_cipher,
-       cryptodev_cleanup,
-       sizeof(struct dev_crypto_state),
-       EVP_CIPHER_set_asn1_iv,
-       EVP_CIPHER_get_asn1_iv,
-       NULL
+     NID_aes_256_cbc,
+     16, 32, 16,
+     EVP_CIPH_CBC_MODE,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+     NULL
  };
  
  /*
   */
  static int
  cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-     const int **nids, int nid)
+                          const int **nids, int nid)
  {
-       if (!cipher)
-               return (cryptodev_usable_ciphers(nids));
-       switch (nid) {
-       case NID_rc4:
-               *cipher = &cryptodev_rc4;
-               break;
-       case NID_des_ede3_cbc:
-               *cipher = &cryptodev_3des_cbc;
-               break;
-       case NID_des_cbc:
-               *cipher = &cryptodev_des_cbc;
-               break;
-       case NID_bf_cbc:
-               *cipher = &cryptodev_bf_cbc;
-               break;
-       case NID_cast5_cbc:
-               *cipher = &cryptodev_cast_cbc;
-               break;
-       case NID_aes_128_cbc:
-               *cipher = &cryptodev_aes_cbc;
-               break;
-       case NID_aes_192_cbc:
-               *cipher = &cryptodev_aes_192_cbc;
-               break;
-       case NID_aes_256_cbc:
-               *cipher = &cryptodev_aes_256_cbc;
-               break;
-       default:
-               *cipher = NULL;
-               break;
-       }
-       return (*cipher != NULL);
+     if (!cipher)
+         return (cryptodev_usable_ciphers(nids));
+     switch (nid) {
+     case NID_rc4:
+         *cipher = &cryptodev_rc4;
+         break;
+     case NID_des_ede3_cbc:
+         *cipher = &cryptodev_3des_cbc;
+         break;
+     case NID_des_cbc:
+         *cipher = &cryptodev_des_cbc;
+         break;
+     case NID_bf_cbc:
+         *cipher = &cryptodev_bf_cbc;
+         break;
+     case NID_cast5_cbc:
+         *cipher = &cryptodev_cast_cbc;
+         break;
+     case NID_aes_128_cbc:
+         *cipher = &cryptodev_aes_cbc;
+         break;
+     case NID_aes_192_cbc:
+         *cipher = &cryptodev_aes_192_cbc;
+         break;
+     case NID_aes_256_cbc:
+         *cipher = &cryptodev_aes_256_cbc;
+         break;
+     default:
+         *cipher = NULL;
+         break;
+     }
+     return (*cipher != NULL);
  }
  
- #ifdef USE_CRYPTODEV_DIGESTS
+ # ifdef USE_CRYPTODEV_DIGESTS
  
  /* convert digest type to cryptodev */
- static int
- digest_nid_to_cryptodev(int nid)
+ static int digest_nid_to_cryptodev(int nid)
  {
-       int i;
+     int i;
  
-       for (i = 0; digests[i].id; i++)
-               if (digests[i].nid == nid)
-                       return (digests[i].id);
-       return (0);
+     for (i = 0; digests[i].id; i++)
+         if (digests[i].nid == nid)
+             return (digests[i].id);
+     return (0);
  }
  
- static int
- digest_key_length(int nid)
+ static int digest_key_length(int nid)
  {
-       int i;
+     int i;
  
-       for (i = 0; digests[i].id; i++)
-               if (digests[i].nid == nid)
-                       return digests[i].keylen;
-       return (0);
+     for (i = 0; digests[i].id; i++)
+         if (digests[i].nid == nid)
+             return digests[i].keylen;
+     return (0);
  }
  
  static int cryptodev_digest_init(EVP_MD_CTX *ctx)
  {
-       struct dev_crypto_state *state = ctx->md_data;
-       struct session_op *sess = &state->d_sess;
-       int digest;
-       if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
-               printf("cryptodev_digest_init: Can't get digest \n");
-               return (0);
-       }
-       memset(state, 0, sizeof(struct dev_crypto_state));
-       if ((state->d_fd = get_dev_crypto()) < 0) {
-               printf("cryptodev_digest_init: Can't get Dev \n");
-               return (0);
-       }
-       sess->mackey = state->dummy_mac_key;
-       sess->mackeylen = digest_key_length(ctx->digest->type);
-       sess->mac = digest;
-       if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-               put_dev_crypto(state->d_fd);
-               state->d_fd = -1;
-               printf("cryptodev_digest_init: Open session failed\n");
-               return (0);
-       }
-       return (1);
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+     int digest;
+     if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
+         printf("cryptodev_digest_init: Can't get digest \n");
+         return (0);
+     }
+     memset(state, 0, sizeof(struct dev_crypto_state));
+     if ((state->d_fd = get_dev_crypto()) < 0) {
+         printf("cryptodev_digest_init: Can't get Dev \n");
+         return (0);
+     }
+     sess->mackey = state->dummy_mac_key;
+     sess->mackeylen = digest_key_length(ctx->digest->type);
+     sess->mac = digest;
+     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+         put_dev_crypto(state->d_fd);
+         state->d_fd = -1;
+         printf("cryptodev_digest_init: Open session failed\n");
+         return (0);
+     }
+     return (1);
  }
  
  static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-               size_t count)
+                                    size_t count)
  {
-       struct crypt_op cryp;
-       struct dev_crypto_state *state = ctx->md_data;
-       struct session_op *sess = &state->d_sess;
-       if (!data || state->d_fd < 0) {
-               printf("cryptodev_digest_update: illegal inputs \n");
-               return (0);
-       }
-       if (!count) {
-               return (0);
-       }
-       if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-               /* if application doesn't support one buffer */
-               state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
-               if (!state->mac_data) {
-                       printf("cryptodev_digest_update: realloc failed\n");
-                       return (0);
-               }
-               memcpy(state->mac_data + state->mac_len, data, count);
-               state->mac_len += count;
-       
-               return (1);
-       }
-       memset(&cryp, 0, sizeof(cryp));
-       cryp.ses = sess->ses;
-       cryp.flags = 0;
-       cryp.len = count;
-       cryp.src = (caddr_t) data;
-       cryp.dst = NULL;
-       cryp.mac = (caddr_t) state->digest_res;
-       if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-               printf("cryptodev_digest_update: digest failed\n");
-               return (0);
-       }
-       return (1);
+     struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+     if (!data || state->d_fd < 0) {
+         printf("cryptodev_digest_update: illegal inputs \n");
+         return (0);
+     }
+     if (!count) {
+         return (0);
+     }
+     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         /* if application doesn't support one buffer */
+         state->mac_data =
+             OPENSSL_realloc(state->mac_data, state->mac_len + count);
+         if (!state->mac_data) {
+             printf("cryptodev_digest_update: realloc failed\n");
+             return (0);
+         }
+         memcpy(state->mac_data + state->mac_len, data, count);
+         state->mac_len += count;
+         return (1);
+     }
+     memset(&cryp, 0, sizeof(cryp));
+     cryp.ses = sess->ses;
+     cryp.flags = 0;
+     cryp.len = count;
+     cryp.src = (caddr_t) data;
+     cryp.dst = NULL;
+     cryp.mac = (caddr_t) state->digest_res;
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+         printf("cryptodev_digest_update: digest failed\n");
+         return (0);
+     }
+     return (1);
  }
  
  static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
  {
-       struct crypt_op cryp;
-       struct dev_crypto_state *state = ctx->md_data;
-       struct session_op *sess = &state->d_sess;
-       int ret = 1;
-       if (!md || state->d_fd < 0) {
-               printf("cryptodev_digest_final: illegal input\n");
-               return(0);
-       }
-       if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
-               /* if application doesn't support one buffer */
-               memset(&cryp, 0, sizeof(cryp));
-               cryp.ses = sess->ses;
-               cryp.flags = 0;
-               cryp.len = state->mac_len;
-               cryp.src = state->mac_data;
-               cryp.dst = NULL;
-               cryp.mac = (caddr_t)md;
-               if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-                       printf("cryptodev_digest_final: digest failed\n");
-                       return (0);
-               }
-               return 1;
-       }
-       memcpy(md, state->digest_res, ctx->digest->md_size);
-       return (ret);
+     struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+     int ret = 1;
+     if (!md || state->d_fd < 0) {
+         printf("cryptodev_digest_final: illegal input\n");
+         return (0);
+     }
+     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+         /* if application doesn't support one buffer */
+         memset(&cryp, 0, sizeof(cryp));
+         cryp.ses = sess->ses;
+         cryp.flags = 0;
+         cryp.len = state->mac_len;
+         cryp.src = state->mac_data;
+         cryp.dst = NULL;
+         cryp.mac = (caddr_t) md;
+         if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+             printf("cryptodev_digest_final: digest failed\n");
+             return (0);
+         }
+         return 1;
+     }
+     memcpy(md, state->digest_res, ctx->digest->md_size);
+     return (ret);
  }
  
  static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
  {
-       int ret = 1;
-       struct dev_crypto_state *state = ctx->md_data;
-       struct session_op *sess = &state->d_sess;
-       if (state == NULL)
-         return 0;
-       if (state->d_fd < 0) {
-               printf("cryptodev_digest_cleanup: illegal input\n");
-               return (0);
-       }
-       if (state->mac_data) {
-               OPENSSL_free(state->mac_data);
-               state->mac_data = NULL;
-               state->mac_len = 0;
-       }
-       if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-               printf("cryptodev_digest_cleanup: failed to close session\n");
-               ret = 0;
-       } else {
-               ret = 1;
-       }
-       put_dev_crypto(state->d_fd);    
-       state->d_fd = -1;
-       return (ret);
+     int ret = 1;
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+     if (state == NULL)
+         return 0;
+     if (state->d_fd < 0) {
+         printf("cryptodev_digest_cleanup: illegal input\n");
+         return (0);
+     }
+     if (state->mac_data) {
+         OPENSSL_free(state->mac_data);
+         state->mac_data = NULL;
+         state->mac_len = 0;
+     }
+     if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+         printf("cryptodev_digest_cleanup: failed to close session\n");
+         ret = 0;
+     } else {
+         ret = 1;
+     }
+     put_dev_crypto(state->d_fd);
+     state->d_fd = -1;
+     return (ret);
  }
  
- static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
  {
-       struct dev_crypto_state *fstate = from->md_data;
-       struct dev_crypto_state *dstate = to->md_data;
-       struct session_op *sess;
-       int digest;
+     struct dev_crypto_state *fstate = from->md_data;
+     struct dev_crypto_state *dstate = to->md_data;
+     struct session_op *sess;
+     int digest;
  
-       if (dstate == NULL || fstate == NULL)
-         return 1;
+     if (dstate == NULL || fstate == NULL)
+         return 1;
  
-               memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+     memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
  
-       sess = &dstate->d_sess;
+     sess = &dstate->d_sess;
  
-       digest = digest_nid_to_cryptodev(to->digest->type);
+     digest = digest_nid_to_cryptodev(to->digest->type);
  
-       sess->mackey = dstate->dummy_mac_key;
-       sess->mackeylen = digest_key_length(to->digest->type);
-       sess->mac = digest;
+     sess->mackey = dstate->dummy_mac_key;
+     sess->mackeylen = digest_key_length(to->digest->type);
+     sess->mac = digest;
  
-       dstate->d_fd = get_dev_crypto();
+     dstate->d_fd = get_dev_crypto();
  
-       if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-               put_dev_crypto(dstate->d_fd);
-               dstate->d_fd = -1;
-               printf("cryptodev_digest_init: Open session failed\n");
-               return (0);
-       }
+     if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+         put_dev_crypto(dstate->d_fd);
+         dstate->d_fd = -1;
+         printf("cryptodev_digest_init: Open session failed\n");
+         return (0);
+     }
  
-       if (fstate->mac_len != 0) {
-               if (fstate->mac_data != NULL)
-                       {
-                       dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-                       memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-                       dstate->mac_len = fstate->mac_len;
-                       }
-       }
+     if (fstate->mac_len != 0) {
+         if (fstate->mac_data != NULL) {
+             dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+             memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+             dstate->mac_len = fstate->mac_len;
+         }
+     }
  
-       return 1;
+     return 1;
  }
  
  const EVP_MD cryptodev_sha1 = {
-       NID_sha1,
-       NID_undef, 
-       SHA_DIGEST_LENGTH, 
-       EVP_MD_FLAG_ONESHOT,
-       cryptodev_digest_init,
-       cryptodev_digest_update,
-       cryptodev_digest_final,
-       cryptodev_digest_copy,
-       cryptodev_digest_cleanup,
-       EVP_PKEY_NULL_method,
-       SHA_CBLOCK,
-       sizeof(struct dev_crypto_state),
+     NID_sha1,
+     NID_undef,
+     SHA_DIGEST_LENGTH,
+     EVP_MD_FLAG_ONESHOT,
+     cryptodev_digest_init,
+     cryptodev_digest_update,
+     cryptodev_digest_final,
+     cryptodev_digest_copy,
+     cryptodev_digest_cleanup,
+     EVP_PKEY_NULL_method,
+     SHA_CBLOCK,
+     sizeof(struct dev_crypto_state),
  };
  
  const EVP_MD cryptodev_md5 = {
-       NID_md5,
-       NID_undef, 
-       16 /* MD5_DIGEST_LENGTH */, 
-       EVP_MD_FLAG_ONESHOT,
-       cryptodev_digest_init,
-       cryptodev_digest_update,
-       cryptodev_digest_final,
-       cryptodev_digest_copy,
-       cryptodev_digest_cleanup,
-       EVP_PKEY_NULL_method,
-       64 /* MD5_CBLOCK */,
-       sizeof(struct dev_crypto_state),
+     NID_md5,
+     NID_undef,
+     16 /* MD5_DIGEST_LENGTH */ ,
+     EVP_MD_FLAG_ONESHOT,
+     cryptodev_digest_init,
+     cryptodev_digest_update,
+     cryptodev_digest_final,
+     cryptodev_digest_copy,
+     cryptodev_digest_cleanup,
+     EVP_PKEY_NULL_method,
+     64 /* MD5_CBLOCK */ ,
+     sizeof(struct dev_crypto_state),
  };
  
- #endif /* USE_CRYPTODEV_DIGESTS */
+ # endif                         /* USE_CRYPTODEV_DIGESTS */
  
  static int
  cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-     const int **nids, int nid)
+                          const int **nids, int nid)
  {
-       if (!digest)
-               return (cryptodev_usable_digests(nids));
-       switch (nid) {
- #ifdef USE_CRYPTODEV_DIGESTS
-       case NID_md5:
-               *digest = &cryptodev_md5; 
-               break;
-       case NID_sha1:
-               *digest = &cryptodev_sha1;
-               break;
-       default:
- #endif /* USE_CRYPTODEV_DIGESTS */
-               *digest = NULL;
-               break;
-       }
-       return (*digest != NULL);
+     if (!digest)
+         return (cryptodev_usable_digests(nids));
+     switch (nid) {
+ # ifdef USE_CRYPTODEV_DIGESTS
+     case NID_md5:
+         *digest = &cryptodev_md5;
+         break;
+     case NID_sha1:
+         *digest = &cryptodev_sha1;
+         break;
+     default:
+ # endif                         /* USE_CRYPTODEV_DIGESTS */
+         *digest = NULL;
+         break;
+     }
+     return (*digest != NULL);
  }
  
  /*
   * Upon completion of use, the caller is responsible for freeing
   * crp->crp_p.
   */
- static int
- bn2crparam(const BIGNUM *a, struct crparam *crp)
+ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
  {
-       int i, j, k;
-       ssize_t bytes, bits;
-       u_char *b;
-       crp->crp_p = NULL;
-       crp->crp_nbits = 0;
-       bits = BN_num_bits(a);
-       bytes = (bits + 7) / 8;
-       b = malloc(bytes);
-       if (b == NULL)
-               return (1);
-       memset(b, 0, bytes);
-       crp->crp_p = (caddr_t) b;
-       crp->crp_nbits = bits;
-       for (i = 0, j = 0; i < a->top; i++) {
-               for (k = 0; k < BN_BITS2 / 8; k++) {
-                       if ((j + k) >= bytes)
-                               return (0);
-                       b[j + k] = a->d[i] >> (k * 8);
-               }
-               j += BN_BITS2 / 8;
-       }
-       return (0);
+     int i, j, k;
+     ssize_t bytes, bits;
+     u_char *b;
+     crp->crp_p = NULL;
+     crp->crp_nbits = 0;
+     bits = BN_num_bits(a);
+     bytes = (bits + 7) / 8;
+     b = malloc(bytes);
+     if (b == NULL)
+         return (1);
+     memset(b, 0, bytes);
+     crp->crp_p = (caddr_t) b;
+     crp->crp_nbits = bits;
+     for (i = 0, j = 0; i < a->top; i++) {
+         for (k = 0; k < BN_BITS2 / 8; k++) {
+             if ((j + k) >= bytes)
+                 return (0);
+             b[j + k] = a->d[i] >> (k * 8);
+         }
+         j += BN_BITS2 / 8;
+     }
+     return (0);
  }
  
  /* Convert a /dev/crypto parameter to a BIGNUM */
- static int
- crparam2bn(struct crparam *crp, BIGNUM *a)
+ static int crparam2bn(struct crparam *crp, BIGNUM *a)
  {
-       u_int8_t *pd;
-       int i, bytes;
+     u_int8_t *pd;
+     int i, bytes;
  
-       bytes = (crp->crp_nbits + 7) / 8;
+     bytes = (crp->crp_nbits + 7) / 8;
  
-       if (bytes == 0)
-               return (-1);
+     if (bytes == 0)
+         return (-1);
  
-       if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-               return (-1);
+     if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+         return (-1);
  
-       for (i = 0; i < bytes; i++)
-               pd[i] = crp->crp_p[bytes - i - 1];
+     for (i = 0; i < bytes; i++)
+         pd[i] = crp->crp_p[bytes - i - 1];
  
-       BN_bin2bn(pd, bytes, a);
-       free(pd);
+     BN_bin2bn(pd, bytes, a);
+     free(pd);
  
-       return (0);
+     return (0);
  }
  
- static void
- zapparams(struct crypt_kop *kop)
+ static void zapparams(struct crypt_kop *kop)
  {
-       int i;
-       for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-               if (kop->crk_param[i].crp_p)
-                       free(kop->crk_param[i].crp_p);
-               kop->crk_param[i].crp_p = NULL;
-               kop->crk_param[i].crp_nbits = 0;
-       }
+     int i;
+     for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
+         if (kop->crk_param[i].crp_p)
+             free(kop->crk_param[i].crp_p);
+         kop->crk_param[i].crp_p = NULL;
+         kop->crk_param[i].crp_nbits = 0;
+     }
  }
  
  static int
- cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+                BIGNUM *s)
  {
-       int fd, ret = -1;
-       if ((fd = get_asym_dev_crypto()) < 0)
-               return (ret);
-       if (r) {
-               kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-               kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-               kop->crk_oparams++;
-       }
-       if (s) {
-               kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-               kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-               kop->crk_oparams++;
-       }
-       if (ioctl(fd, CIOCKEY, kop) == 0) {
-               if (r)
-                       crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-               if (s)
-                       crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
-               ret = 0;
-       }
-       return (ret);
+     int fd, ret = -1;
+     if ((fd = get_asym_dev_crypto()) < 0)
+         return (ret);
+     if (r) {
+         kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+         kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+         kop->crk_oparams++;
+     }
+     if (s) {
+         kop->crk_param[kop->crk_iparams + 1].crp_p =
+             calloc(slen, sizeof(char));
+         kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+         kop->crk_oparams++;
+     }
+     if (ioctl(fd, CIOCKEY, kop) == 0) {
+         if (r)
+             crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+         if (s)
+             crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
+         ret = 0;
+     }
+     return (ret);
  }
  
  static int
  cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
  {
-       struct crypt_kop kop;
-       int ret = 1;
-       /* Currently, we know we can do mod exp iff we can do any
-        * asymmetric operations at all.
-        */
-       if (cryptodev_asymfeat == 0) {
-               ret = BN_mod_exp(r, a, p, m, ctx);
-               return (ret);
-       }
-       memset(&kop, 0, sizeof kop);
-       kop.crk_op = CRK_MOD_EXP;
-       /* inputs: a^p % m */
-       if (bn2crparam(a, &kop.crk_param[0]))
-               goto err;
-       if (bn2crparam(p, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(m, &kop.crk_param[2]))
-               goto err;
-       kop.crk_iparams = 3;
-       if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-               printf("OCF asym process failed, Running in software\n");
-               ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-       } else if (ECANCELED == kop.crk_status) {
-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-               printf("OCF hardware operation cancelled. Running in Software\n");
-               ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-       }
-       /* else cryptodev operation worked ok ==> ret = 1*/
- err:
-       zapparams(&kop);
-       return (ret);
+     struct crypt_kop kop;
+     int ret = 1;
+     /*
+      * Currently, we know we can do mod exp iff we can do any asymmetric
+      * operations at all.
+      */
+     if (cryptodev_asymfeat == 0) {
+         ret = BN_mod_exp(r, a, p, m, ctx);
+         return (ret);
+     }
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_MOD_EXP;
+     /* inputs: a^p % m */
+     if (bn2crparam(a, &kop.crk_param[0]))
+         goto err;
+     if (bn2crparam(p, &kop.crk_param[1]))
+         goto err;
+     if (bn2crparam(m, &kop.crk_param[2]))
+         goto err;
+     kop.crk_iparams = 3;
+     if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+         const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+         printf("OCF asym process failed, Running in software\n");
+         ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+     } else if (ECANCELED == kop.crk_status) {
+         const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+         printf("OCF hardware operation cancelled. Running in Software\n");
+         ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+     }
+     /* else cryptodev operation worked ok ==> ret = 1 */
+  err:
+     zapparams(&kop);
+     return (ret);
  }
  
  static int
- cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                             BN_CTX *ctx)
  {
-       int r;
-       ctx = BN_CTX_new();
-       r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-       BN_CTX_free(ctx);
-       return (r);
+     int r;
+     ctx = BN_CTX_new();
+     r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+     BN_CTX_free(ctx);
+     return (r);
  }
  
  static int
  cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  {
-       struct crypt_kop kop;
-       int ret = 1;
-       if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-               /* XXX 0 means failure?? */
-               return (0);
-       }
-       memset(&kop, 0, sizeof kop);
-       kop.crk_op = CRK_MOD_EXP_CRT;
-       /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-       if (bn2crparam(rsa->p, &kop.crk_param[0]))
-               goto err;
-       if (bn2crparam(rsa->q, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(I, &kop.crk_param[2]))
-               goto err;
-       if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-               goto err;
-       if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-               goto err;
-       if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-               goto err;
-       kop.crk_iparams = 6;
-       if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-               printf("OCF asym process failed, running in Software\n");
-               ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-       } else if (ECANCELED == kop.crk_status) {
-               const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-               printf("OCF hardware operation cancelled. Running in Software\n");
-               ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-       }
-       /* else cryptodev operation worked ok ==> ret = 1*/
- err:
-       zapparams(&kop);
-       return (ret);
+     struct crypt_kop kop;
+     int ret = 1;
+     if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+         /* XXX 0 means failure?? */
+         return (0);
+     }
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_MOD_EXP_CRT;
+     /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+     if (bn2crparam(rsa->p, &kop.crk_param[0]))
+         goto err;
+     if (bn2crparam(rsa->q, &kop.crk_param[1]))
+         goto err;
+     if (bn2crparam(I, &kop.crk_param[2]))
+         goto err;
+     if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+         goto err;
+     if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+         goto err;
+     if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+         goto err;
+     kop.crk_iparams = 6;
+     if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+         const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+         printf("OCF asym process failed, running in Software\n");
+         ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+     } else if (ECANCELED == kop.crk_status) {
+         const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+         printf("OCF hardware operation cancelled. Running in Software\n");
+         ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+     }
+     /* else cryptodev operation worked ok ==> ret = 1 */
 err:
+     zapparams(&kop);
+     return (ret);
  }
  
  static RSA_METHOD cryptodev_rsa = {
-       "cryptodev RSA method",
-       NULL,                           /* rsa_pub_enc */
-       NULL,                           /* rsa_pub_dec */
-       NULL,                           /* rsa_priv_enc */
-       NULL,                           /* rsa_priv_dec */
-       NULL,
-       NULL,
-       NULL,                           /* init */
-       NULL,                           /* finish */
-       0,                              /* flags */
-       NULL,                           /* app_data */
-       NULL,                           /* rsa_sign */
-       NULL                            /* rsa_verify */
+     "cryptodev RSA method",
+     NULL,                       /* rsa_pub_enc */
+     NULL,                       /* rsa_pub_dec */
+     NULL,                       /* rsa_priv_enc */
+     NULL,                       /* rsa_priv_dec */
+     NULL,
+     NULL,
+     NULL,                       /* init */
+     NULL,                       /* finish */
+     0,                          /* flags */
+     NULL,                       /* app_data */
+     NULL,                       /* rsa_sign */
+     NULL                        /* rsa_verify */
  };
  
  static int
  cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  {
-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+     return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
  }
  
  static int
  cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-     BN_CTX *ctx, BN_MONT_CTX *mont)
+                           BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+                           BN_CTX *ctx, BN_MONT_CTX *mont)
  {
-       BIGNUM t2;
-       int ret = 0;
+     BIGNUM t2;
+     int ret = 0;
  
-       BN_init(&t2);
+     BN_init(&t2);
  
-       /* v = ( g^u1 * y^u2 mod p ) mod q */
-       /* let t1 = g ^ u1 mod p */
-       ret = 0;
+     /* v = ( g^u1 * y^u2 mod p ) mod q */
+     /* let t1 = g ^ u1 mod p */
+     ret = 0;
  
-       if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-               goto err;
+     if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+         goto err;
  
-       /* let t2 = y ^ u2 mod p */
-       if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-               goto err;
-       /* let u1 = t1 * t2 mod p */
-       if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-               goto err;
+     /* let t2 = y ^ u2 mod p */
+     if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+         goto err;
+     /* let u1 = t1 * t2 mod p */
+     if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+         goto err;
  
-       BN_copy(t1,u1);
+     BN_copy(t1, u1);
  
-       ret = 1;
- err:
-       BN_free(&t2);
-       return(ret);
+     ret = 1;
 err:
+     BN_free(&t2);
+     return (ret);
  }
  
- static DSA_SIG *
cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
                                      DSA *dsa)
  {
-       struct crypt_kop kop;
-       BIGNUM *r = NULL, *s = NULL;
-       DSA_SIG *dsaret = NULL;
-       if ((r = BN_new()) == NULL)
-               goto err;
-       if ((s = BN_new()) == NULL) {
-               BN_free(r);
-               goto err;
-       }
-       memset(&kop, 0, sizeof kop);
-       kop.crk_op = CRK_DSA_SIGN;
-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-       kop.crk_param[0].crp_p = (caddr_t)dgst;
-       kop.crk_param[0].crp_nbits = dlen * 8;
-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
-               goto err;
-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
-               goto err;
-       if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-               goto err;
-       kop.crk_iparams = 5;
-       if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-           BN_num_bytes(dsa->q), s) == 0) {
-               dsaret = DSA_SIG_new();
-               dsaret->r = r;
-               dsaret->s = s;
-       } else {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-               BN_free(r);
-               BN_free(s);
-               dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-       }
- err:
-       kop.crk_param[0].crp_p = NULL;
-       zapparams(&kop);
-       return (dsaret);
+     struct crypt_kop kop;
+     BIGNUM *r = NULL, *s = NULL;
+     DSA_SIG *dsaret = NULL;
+     if ((r = BN_new()) == NULL)
+         goto err;
+     if ((s = BN_new()) == NULL) {
+         BN_free(r);
+         goto err;
+     }
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DSA_SIGN;
+     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+     kop.crk_param[0].crp_p = (caddr_t) dgst;
+     kop.crk_param[0].crp_nbits = dlen * 8;
+     if (bn2crparam(dsa->p, &kop.crk_param[1]))
+         goto err;
+     if (bn2crparam(dsa->q, &kop.crk_param[2]))
+         goto err;
+     if (bn2crparam(dsa->g, &kop.crk_param[3]))
+         goto err;
+     if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+         goto err;
+     kop.crk_iparams = 5;
+     if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+                        BN_num_bytes(dsa->q), s) == 0) {
+         dsaret = DSA_SIG_new();
+         dsaret->r = r;
+         dsaret->s = s;
+     } else {
+         const DSA_METHOD *meth = DSA_OpenSSL();
+         BN_free(r);
+         BN_free(s);
+         dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+     }
 err:
+     kop.crk_param[0].crp_p = NULL;
+     zapparams(&kop);
+     return (dsaret);
  }
  
  static int
  cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-     DSA_SIG *sig, DSA *dsa)
+                      DSA_SIG *sig, DSA *dsa)
  {
-       struct crypt_kop kop;
-       int dsaret = 1;
-       memset(&kop, 0, sizeof kop);
-       kop.crk_op = CRK_DSA_VERIFY;
-       /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-       kop.crk_param[0].crp_p = (caddr_t)dgst;
-       kop.crk_param[0].crp_nbits = dlen * 8;
-       if (bn2crparam(dsa->p, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(dsa->q, &kop.crk_param[2]))
-               goto err;
-       if (bn2crparam(dsa->g, &kop.crk_param[3]))
-               goto err;
-       if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-               goto err;
-       if (bn2crparam(sig->r, &kop.crk_param[5]))
-               goto err;
-       if (bn2crparam(sig->s, &kop.crk_param[6]))
-               goto err;
-       kop.crk_iparams = 7;
-       if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
- /*OCF success value is 0, if not zero, change dsaret to fail*/
-               if(0 != kop.crk_status) dsaret  = 0;
-       } else {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-               dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-       }
- err:
-       kop.crk_param[0].crp_p = NULL;
-       zapparams(&kop);
-       return (dsaret);
+     struct crypt_kop kop;
+     int dsaret = 1;
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DSA_VERIFY;
+     /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+     kop.crk_param[0].crp_p = (caddr_t) dgst;
+     kop.crk_param[0].crp_nbits = dlen * 8;
+     if (bn2crparam(dsa->p, &kop.crk_param[1]))
+         goto err;
+     if (bn2crparam(dsa->q, &kop.crk_param[2]))
+         goto err;
+     if (bn2crparam(dsa->g, &kop.crk_param[3]))
+         goto err;
+     if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+         goto err;
+     if (bn2crparam(sig->r, &kop.crk_param[5]))
+         goto err;
+     if (bn2crparam(sig->s, &kop.crk_param[6]))
+         goto err;
+     kop.crk_iparams = 7;
+     if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+         /*
+          * OCF success value is 0, if not zero, change dsaret to fail
+          */
+         if (0 != kop.crk_status)
+             dsaret = 0;
+     } else {
+         const DSA_METHOD *meth = DSA_OpenSSL();
+         dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+     }
+  err:
+     kop.crk_param[0].crp_p = NULL;
+     zapparams(&kop);
+     return (dsaret);
  }
  
  static DSA_METHOD cryptodev_dsa = {
-       "cryptodev DSA method",
-       NULL,
-       NULL,                           /* dsa_sign_setup */
-       NULL,
-       NULL,                           /* dsa_mod_exp */
-       NULL,
-       NULL,                           /* init */
-       NULL,                           /* finish */
-       0,      /* flags */
-       NULL    /* app_data */
+     "cryptodev DSA method",
+     NULL,
+     NULL,                       /* dsa_sign_setup */
+     NULL,
+     NULL,                       /* dsa_mod_exp */
+     NULL,
+     NULL,                       /* init */
+     NULL,                       /* finish */
+     0,                          /* flags */
+     NULL                        /* app_data */
  };
  
  static int
  cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-     BN_MONT_CTX *m_ctx)
+                      const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                      BN_MONT_CTX *m_ctx)
  {
-       return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+     return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
  }
  
  static int
  cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
  {
-       struct crypt_kop kop;
-       int dhret = 1;
-       int fd, keylen;
-       if ((fd = get_asym_dev_crypto()) < 0) {
-               const DH_METHOD *meth = DH_OpenSSL();
-               return ((meth->compute_key)(key, pub_key, dh));
-       }
-       keylen = BN_num_bits(dh->p);
-       memset(&kop, 0, sizeof kop);
-       kop.crk_op = CRK_DH_COMPUTE_KEY;
-       /* inputs: dh->priv_key pub_key dh->p key */
-       if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-               goto err;
-       if (bn2crparam(pub_key, &kop.crk_param[1]))
-               goto err;
-       if (bn2crparam(dh->p, &kop.crk_param[2]))
-               goto err;
-       kop.crk_iparams = 3;
-       kop.crk_param[3].crp_p = (caddr_t) key;
-       kop.crk_param[3].crp_nbits = keylen * 8;
-       kop.crk_oparams = 1;
-       if (ioctl(fd, CIOCKEY, &kop) == -1) {
-               const DH_METHOD *meth = DH_OpenSSL();
-               dhret = (meth->compute_key)(key, pub_key, dh);
-       }
- err:
-       kop.crk_param[3].crp_p = NULL;
-       zapparams(&kop);
-       return (dhret);
+     struct crypt_kop kop;
+     int dhret = 1;
+     int fd, keylen;
+     if ((fd = get_asym_dev_crypto()) < 0) {
+         const DH_METHOD *meth = DH_OpenSSL();
+         return ((meth->compute_key) (key, pub_key, dh));
+     }
+     keylen = BN_num_bits(dh->p);
+     memset(&kop, 0, sizeof kop);
+     kop.crk_op = CRK_DH_COMPUTE_KEY;
+     /* inputs: dh->priv_key pub_key dh->p key */
+     if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+         goto err;
+     if (bn2crparam(pub_key, &kop.crk_param[1]))
+         goto err;
+     if (bn2crparam(dh->p, &kop.crk_param[2]))
+         goto err;
+     kop.crk_iparams = 3;
+     kop.crk_param[3].crp_p = (caddr_t) key;
+     kop.crk_param[3].crp_nbits = keylen * 8;
+     kop.crk_oparams = 1;
+     if (ioctl(fd, CIOCKEY, &kop) == -1) {
+         const DH_METHOD *meth = DH_OpenSSL();
+         dhret = (meth->compute_key) (key, pub_key, dh);
+     }
 err:
+     kop.crk_param[3].crp_p = NULL;
+     zapparams(&kop);
+     return (dhret);
  }
  
  static DH_METHOD cryptodev_dh = {
-       "cryptodev DH method",
-       NULL,                           /* cryptodev_dh_generate_key */
-       NULL,
-       NULL,
-       NULL,
-       NULL,
-       0,      /* flags */
-       NULL    /* app_data */
+     "cryptodev DH method",
+     NULL,                       /* cryptodev_dh_generate_key */
+     NULL,
+     NULL,
+     NULL,
+     NULL,
+     0,                          /* flags */
+     NULL                        /* app_data */
  };
  
  /*
   * but I expect we'll want some options soon.
   */
  static int
- cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+ cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
  {
- #ifdef HAVE_SYSLOG_R
-       struct syslog_data sd = SYSLOG_DATA_INIT;
- #endif
+ # ifdef HAVE_SYSLOG_R
+     struct syslog_data sd = SYSLOG_DATA_INIT;
+ # endif
  
-       switch (cmd) {
-       default:
- #ifdef HAVE_SYSLOG_R
-               syslog_r(LOG_ERR, &sd,
-                   "cryptodev_ctrl: unknown command %d", cmd);
- #else
-               syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
- #endif
-               break;
-       }
-       return (1);
+     switch (cmd) {
+     default:
+ # ifdef HAVE_SYSLOG_R
+         syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+ # else
+         syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+ # endif
+         break;
+     }
+     return (1);
  }
  
- void
- ENGINE_load_cryptodev(void)
+ void ENGINE_load_cryptodev(void)
  {
-       ENGINE *engine = ENGINE_new();
-       int fd;
-       if (engine == NULL)
-               return;
-       if ((fd = get_dev_crypto()) < 0) {
-               ENGINE_free(engine);
-               return;
-       }
-       /*
-        * find out what asymmetric crypto algorithms we support
-        */
-       if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-               put_dev_crypto(fd);
-               ENGINE_free(engine);
-               return;
-       }
-       put_dev_crypto(fd);
-       if (!ENGINE_set_id(engine, "cryptodev") ||
-           !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-           !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-           !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-           !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-           !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-               ENGINE_free(engine);
-               return;
-       }
-       if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-               const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-               cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
-               cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
-               cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
-               cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-               cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
-               cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                       cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-                       if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-                               cryptodev_rsa.rsa_mod_exp =
-                                   cryptodev_rsa_mod_exp;
-                       else
-                               cryptodev_rsa.rsa_mod_exp =
-                                   cryptodev_rsa_nocrt_mod_exp;
-               }
-       }
-       if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
-               const DSA_METHOD *meth = DSA_OpenSSL();
-               memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-               if (cryptodev_asymfeat & CRF_DSA_SIGN)
-                       cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                       cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-                       cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-               }
-               if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-                       cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-       }
-       if (ENGINE_set_DH(engine, &cryptodev_dh)){
-               const DH_METHOD *dh_meth = DH_OpenSSL();
-               cryptodev_dh.generate_key = dh_meth->generate_key;
-               cryptodev_dh.compute_key = dh_meth->compute_key;
-               cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-               if (cryptodev_asymfeat & CRF_MOD_EXP) {
-                       cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-                       if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-                               cryptodev_dh.compute_key =
-                                   cryptodev_dh_compute_key;
-               }
-       }
-       ENGINE_add(engine);
-       ENGINE_free(engine);
-       ERR_clear_error();
+     ENGINE *engine = ENGINE_new();
+     int fd;
+     if (engine == NULL)
+         return;
+     if ((fd = get_dev_crypto()) < 0) {
+         ENGINE_free(engine);
+         return;
+     }
+     /*
+      * find out what asymmetric crypto algorithms we support
+      */
+     if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+         put_dev_crypto(fd);
+         ENGINE_free(engine);
+         return;
+     }
+     put_dev_crypto(fd);
+     if (!ENGINE_set_id(engine, "cryptodev") ||
+         !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+         !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+         !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+         !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+         ENGINE_free(engine);
+         return;
+     }
+     if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+         const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+         cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+         cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+         cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+         cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+         cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+         cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+         if (cryptodev_asymfeat & CRF_MOD_EXP) {
+             cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+             if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+             else
+                 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+         }
+     }
+     if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+         const DSA_METHOD *meth = DSA_OpenSSL();
+         memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+         if (cryptodev_asymfeat & CRF_DSA_SIGN)
+             cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+         if (cryptodev_asymfeat & CRF_MOD_EXP) {
+             cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+             cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+         }
+         if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+             cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+     }
+     if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+         const DH_METHOD *dh_meth = DH_OpenSSL();
+         cryptodev_dh.generate_key = dh_meth->generate_key;
+         cryptodev_dh.compute_key = dh_meth->compute_key;
+         cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+         if (cryptodev_asymfeat & CRF_MOD_EXP) {
+             cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+             if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                 cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+         }
+     }
+     ENGINE_add(engine);
+     ENGINE_free(engine);
+     ERR_clear_error();
  }
  
- #endif /* HAVE_CRYPTODEV */
+ #endif                          /* HAVE_CRYPTODEV */
@@@ -1,6 -1,7 +1,7 @@@
  /* openssl/engine.h */
- /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
-  * project 2000.
+ /*
+  * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+  * 2000.
   */
  /* ====================================================================
   * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@@@ -10,7 -11,7 +11,7 @@@
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
-  *    notice, this list of conditions and the following disclaimer. 
+  *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   */
  /* ====================================================================
   * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
-  * ECDH support in OpenSSL originally developed by 
+  * ECDH support in OpenSSL originally developed by
   * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
   */
  
  #ifndef HEADER_ENGINE_H
- #define HEADER_ENGINE_H
- #include <openssl/opensslconf.h>
- #ifdef OPENSSL_NO_ENGINE
- #error ENGINE is disabled.
- #endif
- #ifndef OPENSSL_NO_DEPRECATED
- #include <openssl/bn.h>
- #ifndef OPENSSL_NO_RSA
- #include <openssl/rsa.h>
- #endif
- #ifndef OPENSSL_NO_DSA
- #include <openssl/dsa.h>
- #endif
- #ifndef OPENSSL_NO_DH
- #include <openssl/dh.h>
- #endif
- #ifndef OPENSSL_NO_ECDH
- #include <openssl/ecdh.h>
- #endif
- #ifndef OPENSSL_NO_ECDSA
- #include <openssl/ecdsa.h>
- #endif
- #include <openssl/rand.h>
- #include <openssl/ui.h>
- #include <openssl/err.h>
- #endif
- #include <openssl/ossl_typ.h>
- #include <openssl/symhacks.h>
- #include <openssl/x509.h>
+ # define HEADER_ENGINE_H
+ # include <openssl/opensslconf.h>
+ # ifdef OPENSSL_NO_ENGINE
+ #  error ENGINE is disabled.
+ # endif
+ # ifndef OPENSSL_NO_DEPRECATED
+ #  include <openssl/bn.h>
+ #  ifndef OPENSSL_NO_RSA
+ #   include <openssl/rsa.h>
+ #  endif
+ #  ifndef OPENSSL_NO_DSA
+ #   include <openssl/dsa.h>
+ #  endif
+ #  ifndef OPENSSL_NO_DH
+ #   include <openssl/dh.h>
+ #  endif
+ #  ifndef OPENSSL_NO_ECDH
+ #   include <openssl/ecdh.h>
+ #  endif
+ #  ifndef OPENSSL_NO_ECDSA
+ #   include <openssl/ecdsa.h>
+ #  endif
+ #  include <openssl/rand.h>
+ #  include <openssl/ui.h>
+ #  include <openssl/err.h>
+ # endif
+ # include <openssl/ossl_typ.h>
+ # include <openssl/symhacks.h>
+ # include <openssl/x509.h>
  
  #ifdef  __cplusplus
  extern "C" {
  #endif
  
- /* These flags are used to control combinations of algorithm (methods)
-  * by bitwise "OR"ing. */
- #define ENGINE_METHOD_RSA             (unsigned int)0x0001
- #define ENGINE_METHOD_DSA             (unsigned int)0x0002
- #define ENGINE_METHOD_DH              (unsigned int)0x0004
- #define ENGINE_METHOD_RAND            (unsigned int)0x0008
- #define ENGINE_METHOD_ECDH            (unsigned int)0x0010
- #define ENGINE_METHOD_ECDSA           (unsigned int)0x0020
- #define ENGINE_METHOD_CIPHERS         (unsigned int)0x0040
- #define ENGINE_METHOD_DIGESTS         (unsigned int)0x0080
- #define ENGINE_METHOD_STORE           (unsigned int)0x0100
- #define ENGINE_METHOD_PKEY_METHS      (unsigned int)0x0200
- #define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
+ /*
+  * These flags are used to control combinations of algorithm (methods) by
+  * bitwise "OR"ing.
+  */
+ # define ENGINE_METHOD_RSA               (unsigned int)0x0001
+ # define ENGINE_METHOD_DSA               (unsigned int)0x0002
+ # define ENGINE_METHOD_DH                (unsigned int)0x0004
+ # define ENGINE_METHOD_RAND              (unsigned int)0x0008
+ # define ENGINE_METHOD_ECDH              (unsigned int)0x0010
+ # define ENGINE_METHOD_ECDSA             (unsigned int)0x0020
+ # define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+ # define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+ # define ENGINE_METHOD_STORE             (unsigned int)0x0100
+ # define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+ # define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
  /* Obvious all-or-nothing cases. */
- #define ENGINE_METHOD_ALL             (unsigned int)0xFFFF
- #define ENGINE_METHOD_NONE            (unsigned int)0x0000
- /* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
-  * internally to control registration of ENGINE implementations, and can be set
-  * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
-  * initialise registered ENGINEs if they are not already initialised. */
- #define ENGINE_TABLE_FLAG_NOINIT      (unsigned int)0x0001
+ # define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+ # define ENGINE_METHOD_NONE              (unsigned int)0x0000
+ /*
+  * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+  * internally to control registration of ENGINE implementations, and can be
+  * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+  * initialise registered ENGINEs if they are not already initialised.
+  */
+ # define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
  
  /* ENGINE flags that can be set by ENGINE_set_flags(). */
- /* #define ENGINE_FLAGS_MALLOCED      0x0001 */ /* Not used */
- /* This flag is for ENGINEs that wish to handle the various 'CMD'-related
-  * control commands on their own. Without this flag, ENGINE_ctrl() handles these
-  * control commands on behalf of the ENGINE using their "cmd_defns" data. */
- #define ENGINE_FLAGS_MANUAL_CMD_CTRL  (int)0x0002
- /* This flag is for ENGINEs who return new duplicate structures when found via
-  * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
-  * commands are called in sequence as part of some stateful process like
-  * key-generation setup and execution), it can set this flag - then each attempt
-  * to obtain the ENGINE will result in it being copied into a new structure.
-  * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
-  * the existing ENGINE's structural reference count. */
- #define ENGINE_FLAGS_BY_ID_COPY               (int)0x0004
- /* This flag if for an ENGINE that does not want its methods registered as 
-  * part of ENGINE_register_all_complete() for example if the methods are
-  * not usable as default methods.
-  */
- #define ENGINE_FLAGS_NO_REGISTER_ALL  (int)0x0008
- /* ENGINEs can support their own command types, and these flags are used in
-  * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
-  * command expects. Currently only numeric and string input is supported. If a
-  * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
-  * then it is regarded as an "internal" control command - and not for use in
-  * config setting situations. As such, they're not available to the
-  * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
-  * this list of 'command types' should be reflected carefully in
-  * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+ /* Not used */
+ /* #define ENGINE_FLAGS_MALLOCED        0x0001 */
+ /*
+  * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+  * control commands on their own. Without this flag, ENGINE_ctrl() handles
+  * these control commands on behalf of the ENGINE using their "cmd_defns"
+  * data.
+  */
+ # define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+ /*
+  * This flag is for ENGINEs who return new duplicate structures when found
+  * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+  * ENGINE_ctrl() commands are called in sequence as part of some stateful
+  * process like key-generation setup and execution), it can set this flag -
+  * then each attempt to obtain the ENGINE will result in it being copied into
+  * a new structure. Normally, ENGINEs don't declare this flag so
+  * ENGINE_by_id() just increments the existing ENGINE's structural reference
+  * count.
+  */
+ # define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+ /*
+  * This flag if for an ENGINE that does not want its methods registered as
+  * part of ENGINE_register_all_complete() for example if the methods are not
+  * usable as default methods.
+  */
+ # define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
+ /*
+  * ENGINEs can support their own command types, and these flags are used in
+  * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+  * each command expects. Currently only numeric and string input is
+  * supported. If a control command supports none of the _NUMERIC, _STRING, or
+  * _NO_INPUT options, then it is regarded as an "internal" control command -
+  * and not for use in config setting situations. As such, they're not
+  * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+  * access. Changes to this list of 'command types' should be reflected
+  * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+  */
  
  /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
- #define ENGINE_CMD_FLAG_NUMERIC               (unsigned int)0x0001
- /* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
-  * ENGINE_ctrl) */
- #define ENGINE_CMD_FLAG_STRING                (unsigned int)0x0002
- /* Indicates that the control command takes *no* input. Ie. the control command
-  * is unparameterised. */
- #define ENGINE_CMD_FLAG_NO_INPUT      (unsigned int)0x0004
- /* Indicates that the control command is internal. This control command won't
+ # define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+ /*
+  * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+  * to ENGINE_ctrl)
+  */
+ # define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+ /*
+  * Indicates that the control command takes *no* input. Ie. the control
+  * command is unparameterised.
+  */
+ # define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+ /*
+  * Indicates that the control command is internal. This control command won't
   * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
-  * function. */
- #define ENGINE_CMD_FLAG_INTERNAL      (unsigned int)0x0008
- /* NB: These 3 control commands are deprecated and should not be used. ENGINEs
-  * relying on these commands should compile conditional support for
-  * compatibility (eg. if these symbols are defined) but should also migrate the
-  * same functionality to their own ENGINE-specific control functions that can be
-  * "discovered" by calling applications. The fact these control commands
-  * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
-  * fact that application code can find and use them without requiring per-ENGINE
-  * hacking. */
- /* These flags are used to tell the ctrl function what should be done.
-  * All command numbers are shared between all engines, even if some don't
-  * make sense to some engines.  In such a case, they do nothing but return
-  * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
- #define ENGINE_CTRL_SET_LOGSTREAM             1
- #define ENGINE_CTRL_SET_PASSWORD_CALLBACK     2
- #define ENGINE_CTRL_HUP                               3 /* Close and reinitialise any
-                                                    handles/connections etc. */
- #define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
- #define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
-                                                    when calling the password
-                                                    callback and the user
-                                                    interface */
- #define ENGINE_CTRL_LOAD_CONFIGURATION                6 /* Load a configuration, given
-                                                    a string that represents a
-                                                    file name or so */
- #define ENGINE_CTRL_LOAD_SECTION              7 /* Load data from a given
-                                                    section in the already loaded
-                                                    configuration */
- /* These control commands allow an application to deal with an arbitrary engine
-  * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
-  * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
-  * including ENGINE-specific command types, return zero for an error.
-  *
-  * An ENGINE can choose to implement these ctrl functions, and can internally
-  * manage things however it chooses - it does so by setting the
-  * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
-  * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
-  * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
-  * handler need only implement its own commands - the above "meta" commands will
-  * be taken care of. */
- /* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
-  * all the remaining control commands will return failure, so it is worth
-  * checking this first if the caller is trying to "discover" the engine's
-  * capabilities and doesn't want errors generated unnecessarily. */
- #define ENGINE_CTRL_HAS_CTRL_FUNCTION         10
- /* Returns a positive command number for the first command supported by the
-  * engine. Returns zero if no ctrl commands are supported. */
- #define ENGINE_CTRL_GET_FIRST_CMD_TYPE                11
- /* The 'long' argument specifies a command implemented by the engine, and the
-  * return value is the next command supported, or zero if there are no more. */
- #define ENGINE_CTRL_GET_NEXT_CMD_TYPE         12
- /* The 'void*' argument is a command name (cast from 'const char *'), and the
-  * return value is the command that corresponds to it. */
- #define ENGINE_CTRL_GET_CMD_FROM_NAME         13
- /* The next two allow a command to be converted into its corresponding string
-  * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
-  * case, the return value is the length of the command name (not counting a
-  * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
-  * large enough, and it will be populated with the name of the command (WITH a
-  * trailing EOL). */
- #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD     14
- #define ENGINE_CTRL_GET_NAME_FROM_CMD         15
+  * function.
+  */
+ # define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+ /*
+  * NB: These 3 control commands are deprecated and should not be used.
+  * ENGINEs relying on these commands should compile conditional support for
+  * compatibility (eg. if these symbols are defined) but should also migrate
+  * the same functionality to their own ENGINE-specific control functions that
+  * can be "discovered" by calling applications. The fact these control
+  * commands wouldn't be "executable" (ie. usable by text-based config)
+  * doesn't change the fact that application code can find and use them
+  * without requiring per-ENGINE hacking.
+  */
+ /*
+  * These flags are used to tell the ctrl function what should be done. All
+  * command numbers are shared between all engines, even if some don't make
+  * sense to some engines.  In such a case, they do nothing but return the
+  * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+  */
+ # define ENGINE_CTRL_SET_LOGSTREAM               1
+ # define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+ # define ENGINE_CTRL_HUP                         3/* Close and reinitialise
+                                                    * any handles/connections
+                                                    * etc. */
+ # define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
+ # define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
+                                                    * when calling the password
+                                                    * callback and the user
+                                                    * interface */
+ # define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
+                                                    * given a string that
+                                                    * represents a file name
+                                                    * or so */
+ # define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
+                                                    * section in the already
+                                                    * loaded configuration */
+ /*
+  * These control commands allow an application to deal with an arbitrary
+  * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+  * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+  * commands, including ENGINE-specific command types, return zero for an
+  * error. An ENGINE can choose to implement these ctrl functions, and can
+  * internally manage things however it chooses - it does so by setting the
+  * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+  * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+  * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+  * ctrl() handler need only implement its own commands - the above "meta"
+  * commands will be taken care of.
+  */
+ /*
+  * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+  * then all the remaining control commands will return failure, so it is
+  * worth checking this first if the caller is trying to "discover" the
+  * engine's capabilities and doesn't want errors generated unnecessarily.
+  */
+ # define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+ /*
+  * Returns a positive command number for the first command supported by the
+  * engine. Returns zero if no ctrl commands are supported.
+  */
+ # define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+ /*
+  * The 'long' argument specifies a command implemented by the engine, and the
+  * return value is the next command supported, or zero if there are no more.
+  */
+ # define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+ /*
+  * The 'void*' argument is a command name (cast from 'const char *'), and the
+  * return value is the command that corresponds to it.
+  */
+ # define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+ /*
+  * The next two allow a command to be converted into its corresponding string
+  * form. In each case, the 'long' argument supplies the command. In the
+  * NAME_LEN case, the return value is the length of the command name (not
+  * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+  * string buffer large enough, and it will be populated with the name of the
+  * command (WITH a trailing EOL).
+  */
+ # define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+ # define ENGINE_CTRL_GET_NAME_FROM_CMD           15
  /* The next two are similar but give a "short description" of a command. */
- #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD     16
- #define ENGINE_CTRL_GET_DESC_FROM_CMD         17
- /* With this command, the return value is the OR'd combination of
+ # define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+ # define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+ /*
+  * With this command, the return value is the OR'd combination of
   * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
-  * engine-specific ctrl command expects. */
- #define ENGINE_CTRL_GET_CMD_FLAGS             18
+  * engine-specific ctrl command expects.
+  */
+ # define ENGINE_CTRL_GET_CMD_FLAGS               18
  
- /* ENGINE implementations should start the numbering of their own control
-  * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
- #define ENGINE_CMD_BASE                               200
+ /*
+  * ENGINE implementations should start the numbering of their own control
+  * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+  */
+ # define ENGINE_CMD_BASE                         200
  
- /* NB: These 2 nCipher "chil" control commands are deprecated, and their
+ /*
+  * NB: These 2 nCipher "chil" control commands are deprecated, and their
   * functionality is now available through ENGINE-specific control commands
   * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
-  * commands should be migrated to the more general command handling before these
-  * are removed. */
+  * commands should be migrated to the more general command handling before
+  * these are removed.
+  */
  
  /* Flags specific to the nCipher "chil" engine */
- #define ENGINE_CTRL_CHIL_SET_FORKCHECK                100
-       /* Depending on the value of the (long)i argument, this sets or
-        * unsets the SimpleForkCheck flag in the CHIL API to enable or
-        * disable checking and workarounds for applications that fork().
-        */
- #define ENGINE_CTRL_CHIL_NO_LOCKING           101
-       /* This prevents the initialisation function from providing mutex
-        * callbacks to the nCipher library. */
- /* If an ENGINE supports its own specific control commands and wishes the
-  * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
-  * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
-  * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
-  * supports the stated commands (ie. the "cmd_num" entries as described by the
-  * array). NB: The array must be ordered in increasing order of cmd_num.
-  * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
-  * to zero and/or cmd_name set to NULL. */
- typedef struct ENGINE_CMD_DEFN_st
-       {
-       unsigned int cmd_num; /* The command number */
-       const char *cmd_name; /* The command name itself */
-       const char *cmd_desc; /* A short description of the command */
-       unsigned int cmd_flags; /* The input the command expects */
-       } ENGINE_CMD_DEFN;
+ # define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+         /*
+          * Depending on the value of the (long)i argument, this sets or
+          * unsets the SimpleForkCheck flag in the CHIL API to enable or
+          * disable checking and workarounds for applications that fork().
+          */
+ # define ENGINE_CTRL_CHIL_NO_LOCKING             101
+         /*
+          * This prevents the initialisation function from providing mutex
+          * callbacks to the nCipher library.
+          */
+ /*
+  * If an ENGINE supports its own specific control commands and wishes the
+  * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+  * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+  * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+  * handler that supports the stated commands (ie. the "cmd_num" entries as
+  * described by the array). NB: The array must be ordered in increasing order
+  * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+  * has cmd_num set to zero and/or cmd_name set to NULL.
+  */
+ typedef struct ENGINE_CMD_DEFN_st {
+     unsigned int cmd_num;       /* The command number */
+     const char *cmd_name;       /* The command name itself */
+     const char *cmd_desc;       /* A short description of the command */
+     unsigned int cmd_flags;     /* The input the command expects */
+ } ENGINE_CMD_DEFN;
  
  /* Generic function pointer */
- typedef int (*ENGINE_GEN_FUNC_PTR)(void);
+ typedef int (*ENGINE_GEN_FUNC_PTR) (void);
  /* Generic function pointer taking no arguments */
- typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+ typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
  /* Specific control function pointer */
- typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
+ typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+                                      void (*f) (void));
  /* Generic load_key function pointer */
- typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
-       UI_METHOD *ui_method, void *callback_data);
- typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
-       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
- /* These callback types are for an ENGINE's handler for cipher and digest logic.
+ typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+                                          UI_METHOD *ui_method,
+                                          void *callback_data);
+ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+                                            STACK_OF(X509_NAME) *ca_dn,
+                                            X509 **pcert, EVP_PKEY **pkey,
+                                            STACK_OF(X509) **pother,
+                                            UI_METHOD *ui_method,
+                                            void *callback_data);
+ /*-
+  * These callback types are for an ENGINE's handler for cipher and digest logic.
   * These handlers have these prototypes;
   *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
   *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
   * If the framework wants a list of supported 'nid's, it will call;
   *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
   */
- /* Returns to a pointer to the array of supported cipher 'nid's. If the second
-  * parameter is non-NULL it is set to the size of the returned array. */
- typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
- typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
- typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
- typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
- /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
-  * structures where the pointers have a "structural reference". This means that
-  * their reference is to allowed access to the structure but it does not imply
-  * that the structure is functional. To simply increment or decrement the
-  * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
-  * required when iterating using ENGINE_get_next as it will automatically
-  * decrement the structural reference count of the "current" ENGINE and
-  * increment the structural reference count of the ENGINE it returns (unless it
-  * is NULL). */
+ /*
+  * Returns to a pointer to the array of supported cipher 'nid's. If the
+  * second parameter is non-NULL it is set to the size of the returned array.
+  */
+ typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+                                    const int **, int);
+ typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+                                    int);
+ typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+                                       const int **, int);
+ typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+                                            const int **, int);
+ /*
+  * STRUCTURE functions ... all of these functions deal with pointers to
+  * ENGINE structures where the pointers have a "structural reference". This
+  * means that their reference is to allowed access to the structure but it
+  * does not imply that the structure is functional. To simply increment or
+  * decrement the structural reference count, use ENGINE_by_id and
+  * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+  * as it will automatically decrement the structural reference count of the
+  * "current" ENGINE and increment the structural reference count of the
+  * ENGINE it returns (unless it is NULL).
+  */
  
  /* Get the first/last "ENGINE" type available. */
  ENGINE *ENGINE_get_first(void);
@@@ -332,7 -394,7 +394,7 @@@ ENGINE *ENGINE_by_id(const char *id)
  /* Add all the built-in engines. */
  void ENGINE_load_openssl(void);
  void ENGINE_load_dynamic(void);
- #ifndef OPENSSL_NO_STATIC_ENGINE
+ # ifndef OPENSSL_NO_STATIC_ENGINE
  void ENGINE_load_4758cca(void);
  void ENGINE_load_aep(void);
  void ENGINE_load_atalla(void);
@@@ -343,30 -405,33 +405,33 @@@ void ENGINE_load_sureware(void)
  void ENGINE_load_ubsec(void);
  void ENGINE_load_padlock(void);
  void ENGINE_load_capi(void);
- #ifndef OPENSSL_NO_GMP
+ #  ifndef OPENSSL_NO_GMP
  void ENGINE_load_gmp(void);
- #endif
- #ifndef OPENSSL_NO_GOST
+ #  endif
+ #  ifndef OPENSSL_NO_GOST
  void ENGINE_load_gost(void);
- #endif
- #endif
+ #  endif
+ # endif
  void ENGINE_load_cryptodev(void);
  void ENGINE_load_rsax(void);
  void ENGINE_load_rdrand(void);
  void ENGINE_load_builtin_engines(void);
  
- /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
-  * "registry" handling. */
+ /*
+  * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+  * "registry" handling.
+  */
  unsigned int ENGINE_get_table_flags(void);
  void ENGINE_set_table_flags(unsigned int flags);
  
- /* Manage registration of ENGINEs per "table". For each type, there are 3
+ /*- Manage registration of ENGINEs per "table". For each type, there are 3
   * functions;
   *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
   *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
   *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
   * Cleanup is automatically registered from each table when required, so
-  * ENGINE_cleanup() will reverse any "register" operations. */
+  * ENGINE_cleanup() will reverse any "register" operations.
+  */
  
  int ENGINE_register_RSA(ENGINE *e);
  void ENGINE_unregister_RSA(ENGINE *e);
@@@ -412,63 -477,77 +477,77 @@@ int ENGINE_register_pkey_asn1_meths(ENG
  void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
  void ENGINE_register_all_pkey_asn1_meths(void);
  
- /* These functions register all support from the above categories. Note, use of
-  * these functions can result in static linkage of code your application may not
-  * need. If you only need a subset of functionality, consider using more
-  * selective initialisation. */
+ /*
+  * These functions register all support from the above categories. Note, use
+  * of these functions can result in static linkage of code your application
+  * may not need. If you only need a subset of functionality, consider using
+  * more selective initialisation.
+  */
  int ENGINE_register_complete(ENGINE *e);
  int ENGINE_register_all_complete(void);
  
- /* Send parametrised control commands to the engine. The possibilities to send
-  * down an integer, a pointer to data or a function pointer are provided. Any of
-  * the parameters may or may not be NULL, depending on the command number. In
-  * actuality, this function only requires a structural (rather than functional)
-  * reference to an engine, but many control commands may require the engine be
-  * functional. The caller should be aware of trying commands that require an
-  * operational ENGINE, and only use functional references in such situations. */
- int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
- /* This function tests if an ENGINE-specific command is usable as a "setting".
-  * Eg. in an application's config file that gets processed through
+ /*
+  * Send parametrised control commands to the engine. The possibilities to
+  * send down an integer, a pointer to data or a function pointer are
+  * provided. Any of the parameters may or may not be NULL, depending on the
+  * command number. In actuality, this function only requires a structural
+  * (rather than functional) reference to an engine, but many control commands
+  * may require the engine be functional. The caller should be aware of trying
+  * commands that require an operational ENGINE, and only use functional
+  * references in such situations.
+  */
+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+ /*
+  * This function tests if an ENGINE-specific command is usable as a
+  * "setting". Eg. in an application's config file that gets processed through
   * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
-  * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+  * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+  */
  int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
  
- /* This function works like ENGINE_ctrl() with the exception of taking a
-  * command name instead of a command number, and can handle optional commands.
-  * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
-  * use the cmd_name and cmd_optional. */
+ /*
+  * This function works like ENGINE_ctrl() with the exception of taking a
+  * command name instead of a command number, and can handle optional
+  * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+  * on how to use the cmd_name and cmd_optional.
+  */
  int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-         long i, void *p, void (*f)(void), int cmd_optional);
- /* This function passes a command-name and argument to an ENGINE. The cmd_name
-  * is converted to a command number and the control command is called using
-  * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
-  * which case no control command is called). The command is checked for input
-  * flags, and if necessary the argument will be converted to a numeric value. If
-  * cmd_optional is non-zero, then if the ENGINE doesn't support the given
-  * cmd_name the return value will be success anyway. This function is intended
-  * for applications to use so that users (or config files) can supply
-  * engine-specific config data to the ENGINE at run-time to control behaviour of
-  * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
-  * functions that return data, deal with binary data, or that are otherwise
-  * supposed to be used directly through ENGINE_ctrl() in application code. Any
-  * "return" data from an ENGINE_ctrl() operation in this function will be lost -
-  * the return value is interpreted as failure if the return value is zero,
-  * success otherwise, and this function returns a boolean value as a result. In
-  * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
-  * implementations with parameterisations that work in this scheme, so that
-  * compliant ENGINE-based applications can work consistently with the same
-  * configuration for the same ENGINE-enabled devices, across applications. */
+                     long i, void *p, void (*f) (void), int cmd_optional);
+ /*
+  * This function passes a command-name and argument to an ENGINE. The
+  * cmd_name is converted to a command number and the control command is
+  * called using 'arg' as an argument (unless the ENGINE doesn't support such
+  * a command, in which case no control command is called). The command is
+  * checked for input flags, and if necessary the argument will be converted
+  * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+  * doesn't support the given cmd_name the return value will be success
+  * anyway. This function is intended for applications to use so that users
+  * (or config files) can supply engine-specific config data to the ENGINE at
+  * run-time to control behaviour of specific engines. As such, it shouldn't
+  * be used for calling ENGINE_ctrl() functions that return data, deal with
+  * binary data, or that are otherwise supposed to be used directly through
+  * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+  * operation in this function will be lost - the return value is interpreted
+  * as failure if the return value is zero, success otherwise, and this
+  * function returns a boolean value as a result. In other words, vendors of
+  * 'ENGINE'-enabled devices should write ENGINE implementations with
+  * parameterisations that work in this scheme, so that compliant ENGINE-based
+  * applications can work consistently with the same configuration for the
+  * same ENGINE-enabled devices, across applications.
+  */
  int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-                               int cmd_optional);
- /* These functions are useful for manufacturing new ENGINE structures. They
-  * don't address reference counting at all - one uses them to populate an ENGINE
-  * structure with personalised implementations of things prior to using it
-  * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
-  * here so that the ENGINE structure doesn't have to be exposed and break binary
-  * compatibility! */
+                            int cmd_optional);
+ /*
+  * These functions are useful for manufacturing new ENGINE structures. They
+  * don't address reference counting at all - one uses them to populate an
+  * ENGINE structure with personalised implementations of things prior to
+  * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+  * These are also here so that the ENGINE structure doesn't have to be
+  * exposed and break binary compatibility!
+  */
  ENGINE *ENGINE_new(void);
  int ENGINE_free(ENGINE *e);
  int ENGINE_up_ref(ENGINE *e);
@@@ -485,10 -564,12 +564,12 @@@ int ENGINE_set_destroy_function(ENGINE 
  int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
  int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
  int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
- int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+ int ENGINE_set_load_privkey_function(ENGINE *e,
+                                      ENGINE_LOAD_KEY_PTR loadpriv_f);
  int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
  int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-                               ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
+                                              ENGINE_SSL_CLIENT_CERT_PTR
+                                              loadssl_f);
  int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
  int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
  int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
@@@ -497,20 -578,25 +578,25 @@@ int ENGINE_set_flags(ENGINE *e, int fla
  int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
  /* These functions allow control over any per-structure ENGINE data. */
  int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-               CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+                             CRYPTO_EX_dup *dup_func,
+                             CRYPTO_EX_free *free_func);
  int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
  void *ENGINE_get_ex_data(const ENGINE *e, int idx);
  
- /* This function cleans up anything that needs it. Eg. the ENGINE_add() function
-  * automatically ensures the list cleanup function is registered to be called
-  * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
-  * ENGINE_cleanup() will clean up after them. */
+ /*
+  * This function cleans up anything that needs it. Eg. the ENGINE_add()
+  * function automatically ensures the list cleanup function is registered to
+  * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_***
+  * functions ensure ENGINE_cleanup() will clean up after them.
+  */
  void ENGINE_cleanup(void);
  
- /* These return values from within the ENGINE structure. These can be useful
+ /*
+  * These return values from within the ENGINE structure. These can be useful
   * with functional references as well as structural references - it depends
   * which you obtained. Using the result for functional purposes if you only
-  * obtained a structural reference may be problematic! */
+  * obtained a structural reference may be problematic!
+  */
  const char *ENGINE_get_id(const ENGINE *e);
  const char *ENGINE_get_name(const ENGINE *e);
  const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
@@@ -526,7 -612,8 +612,8 @@@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_fini
  ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
  ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
  ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
- ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
+ ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                                *e);
  ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
  ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
  ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
@@@ -536,49 -623,60 +623,60 @@@ const EVP_MD *ENGINE_get_digest(ENGINE 
  const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
  const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
  const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
-                                       const char *str, int len);
+                                                           const char *str,
+                                                           int len);
  const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
-                                       const char *str, int len);
+                                                       const char *str,
+                                                       int len);
  const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
  int ENGINE_get_flags(const ENGINE *e);
  
- /* FUNCTIONAL functions. These functions deal with ENGINE structures
-  * that have (or will) be initialised for use. Broadly speaking, the
-  * structural functions are useful for iterating the list of available
-  * engine types, creating new engine types, and other "list" operations.
-  * These functions actually deal with ENGINEs that are to be used. As
-  * such these functions can fail (if applicable) when particular
-  * engines are unavailable - eg. if a hardware accelerator is not
-  * attached or not functioning correctly. Each ENGINE has 2 reference
-  * counts; structural and functional. Every time a functional reference
-  * is obtained or released, a corresponding structural reference is
-  * automatically obtained or released too. */
- /* Initialise a engine type for use (or up its reference count if it's
-  * already in use). This will fail if the engine is not currently
-  * operational and cannot initialise. */
+ /*
+  * FUNCTIONAL functions. These functions deal with ENGINE structures that
+  * have (or will) be initialised for use. Broadly speaking, the structural
+  * functions are useful for iterating the list of available engine types,
+  * creating new engine types, and other "list" operations. These functions
+  * actually deal with ENGINEs that are to be used. As such these functions
+  * can fail (if applicable) when particular engines are unavailable - eg. if
+  * a hardware accelerator is not attached or not functioning correctly. Each
+  * ENGINE has 2 reference counts; structural and functional. Every time a
+  * functional reference is obtained or released, a corresponding structural
+  * reference is automatically obtained or released too.
+  */
+ /*
+  * Initialise a engine type for use (or up its reference count if it's
+  * already in use). This will fail if the engine is not currently operational
+  * and cannot initialise.
+  */
  int ENGINE_init(ENGINE *e);
- /* Free a functional reference to a engine type. This does not require
-  * a corresponding call to ENGINE_free as it also releases a structural
-  * reference. */
+ /*
+  * Free a functional reference to a engine type. This does not require a
+  * corresponding call to ENGINE_free as it also releases a structural
+  * reference.
+  */
  int ENGINE_finish(ENGINE *e);
  
- /* The following functions handle keys that are stored in some secondary
+ /*
+  * The following functions handle keys that are stored in some secondary
   * location, handled by the engine.  The storage may be on a card or
-  * whatever. */
+  * whatever.
+  */
  EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-       UI_METHOD *ui_method, void *callback_data);
+                                   UI_METHOD *ui_method, void *callback_data);
  EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-       UI_METHOD *ui_method, void *callback_data);
+                                  UI_METHOD *ui_method, void *callback_data);
  int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-       STACK_OF(X509) **pother,
-       UI_METHOD *ui_method, void *callback_data);
- /* This returns a pointer for the current ENGINE structure that
-  * is (by default) performing any RSA operations. The value returned
-  * is an incremented reference, so it should be free'd (ENGINE_finish)
-  * before it is discarded. */
+                                 STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                 EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                 UI_METHOD *ui_method, void *callback_data);
+ /*
+  * This returns a pointer for the current ENGINE structure that is (by
+  * default) performing any RSA operations. The value returned is an
+  * incremented reference, so it should be free'd (ENGINE_finish) before it is
+  * discarded.
+  */
  ENGINE *ENGINE_get_default_RSA(void);
  /* Same for the other "methods" */
  ENGINE *ENGINE_get_default_DSA(void);
@@@ -586,17 -684,21 +684,21 @@@ ENGINE *ENGINE_get_default_ECDH(void)
  ENGINE *ENGINE_get_default_ECDSA(void);
  ENGINE *ENGINE_get_default_DH(void);
  ENGINE *ENGINE_get_default_RAND(void);
- /* These functions can be used to get a functional reference to perform
-  * ciphering or digesting corresponding to "nid". */
+ /*
+  * These functions can be used to get a functional reference to perform
+  * ciphering or digesting corresponding to "nid".
+  */
  ENGINE *ENGINE_get_cipher_engine(int nid);
  ENGINE *ENGINE_get_digest_engine(int nid);
  ENGINE *ENGINE_get_pkey_meth_engine(int nid);
  ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
  
- /* This sets a new default ENGINE structure for performing RSA
-  * operations. If the result is non-zero (success) then the ENGINE
-  * structure will have had its reference count up'd so the caller
-  * should still free their own reference 'e'. */
+ /*
+  * This sets a new default ENGINE structure for performing RSA operations. If
+  * the result is non-zero (success) then the ENGINE structure will have had
+  * its reference count up'd so the caller should still free their own
+  * reference 'e'.
+  */
  int ENGINE_set_default_RSA(ENGINE *e);
  int ENGINE_set_default_string(ENGINE *e, const char *def_list);
  /* Same for the other "methods" */
@@@ -610,11 -712,13 +712,13 @@@ int ENGINE_set_default_digests(ENGINE *
  int ENGINE_set_default_pkey_meths(ENGINE *e);
  int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
  
- /* The combination "set" - the flags are bitwise "OR"d from the
+ /*
+  * The combination "set" - the flags are bitwise "OR"d from the
   * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
   * function, this function can result in unnecessary static linkage. If your
   * application requires only specific functionality, consider using more
-  * selective functions. */
+  * selective functions.
+  */
  int ENGINE_set_default(ENGINE *e, unsigned int flags);
  
  void ENGINE_add_conf_module(void);
  /**************************/
  
  /* Binary/behaviour compatibility levels */
- #define OSSL_DYNAMIC_VERSION          (unsigned long)0x00020000
- /* Binary versions older than this are too old for us (whether we're a loader or
-  * a loadee) */
- #define OSSL_DYNAMIC_OLDEST           (unsigned long)0x00020000
- /* When compiling an ENGINE entirely as an external shared library, loadable by
-  * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
-  * type provides the calling application's (or library's) error functionality
-  * and memory management function pointers to the loaded library. These should
-  * be used/set in the loaded library code so that the loading application's
-  * 'state' will be used/changed in all operations. The 'static_state' pointer
-  * allows the loaded library to know if it shares the same static data as the
-  * calling application (or library), and thus whether these callbacks need to be
-  * set or not. */
- typedef void *(*dyn_MEM_malloc_cb)(size_t);
- typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
- typedef void (*dyn_MEM_free_cb)(void *);
+ # define OSSL_DYNAMIC_VERSION            (unsigned long)0x00020000
+ /*
+  * Binary versions older than this are too old for us (whether we're a loader
+  * or a loadee)
+  */
+ # define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00020000
+ /*
+  * When compiling an ENGINE entirely as an external shared library, loadable
+  * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+  * structure type provides the calling application's (or library's) error
+  * functionality and memory management function pointers to the loaded
+  * library. These should be used/set in the loaded library code so that the
+  * loading application's 'state' will be used/changed in all operations. The
+  * 'static_state' pointer allows the loaded library to know if it shares the
+  * same static data as the calling application (or library), and thus whether
+  * these callbacks need to be set or not.
+  */
+ typedef void *(*dyn_MEM_malloc_cb) (size_t);
+ typedef void *(*dyn_MEM_realloc_cb) (void *, size_t);
+ typedef void (*dyn_MEM_free_cb) (void *);
  typedef struct st_dynamic_MEM_fns {
-       dyn_MEM_malloc_cb                       malloc_cb;
-       dyn_MEM_realloc_cb                      realloc_cb;
-       dyn_MEM_free_cb                         free_cb;
-       } dynamic_MEM_fns;
- /* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
-  * these types so we (and any other dependant code) can simplify a bit?? */
- typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
- typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
- typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
-                                               const char *,int);
- typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
-                                               const char *,int);
- typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
-                                               const char *,int);
+     dyn_MEM_malloc_cb malloc_cb;
+     dyn_MEM_realloc_cb realloc_cb;
+     dyn_MEM_free_cb free_cb;
+ } dynamic_MEM_fns;
+ /*
+  * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+  * use these types so we (and any other dependant code) can simplify a bit??
+  */
+ typedef void (*dyn_lock_locking_cb) (int, int, const char *, int);
+ typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int);
+ typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *,
+                                                                int);
+ typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *,
+                                      const char *, int);
+ typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *,
+                                         const char *, int);
  typedef struct st_dynamic_LOCK_fns {
-       dyn_lock_locking_cb                     lock_locking_cb;
-       dyn_lock_add_lock_cb                    lock_add_lock_cb;
-       dyn_dynlock_create_cb                   dynlock_create_cb;
-       dyn_dynlock_lock_cb                     dynlock_lock_cb;
-       dyn_dynlock_destroy_cb                  dynlock_destroy_cb;
      } dynamic_LOCK_fns;
+     dyn_lock_locking_cb lock_locking_cb;
+     dyn_lock_add_lock_cb lock_add_lock_cb;
+     dyn_dynlock_create_cb dynlock_create_cb;
+     dyn_dynlock_lock_cb dynlock_lock_cb;
+     dyn_dynlock_destroy_cb dynlock_destroy_cb;
+ } dynamic_LOCK_fns;
  /* The top-level structure */
  typedef struct st_dynamic_fns {
-       void                                    *static_state;
-       const ERR_FNS                           *err_fns;
-       const CRYPTO_EX_DATA_IMPL               *ex_data_fns;
-       dynamic_MEM_fns                         mem_fns;
-       dynamic_LOCK_fns                        lock_fns;
-       } dynamic_fns;
- /* The version checking function should be of this prototype. NB: The
-  * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
-  * If this function returns zero, it indicates a (potential) version
+     void *static_state;
+     const ERR_FNS *err_fns;
+     const CRYPTO_EX_DATA_IMPL *ex_data_fns;
+     dynamic_MEM_fns mem_fns;
+     dynamic_LOCK_fns lock_fns;
+ } dynamic_fns;
+ /*
+  * The version checking function should be of this prototype. NB: The
+  * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+  * code. If this function returns zero, it indicates a (potential) version
   * incompatibility and the loaded library doesn't believe it can proceed.
   * Otherwise, the returned value is the (latest) version supported by the
-  * loading library. The loader may still decide that the loaded code's version
-  * is unsatisfactory and could veto the load. The function is expected to
-  * be implemented with the symbol name "v_check", and a default implementation
-  * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
- typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
- #define IMPLEMENT_DYNAMIC_CHECK_FN() \
-       OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
-       OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
-               if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
-               return 0; }
- /* This function is passed the ENGINE structure to initialise with its own
+  * loading library. The loader may still decide that the loaded code's
+  * version is unsatisfactory and could veto the load. The function is
+  * expected to be implemented with the symbol name "v_check", and a default
+  * implementation can be fully instantiated with
+  * IMPLEMENT_DYNAMIC_CHECK_FN().
+  */
+ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+ # define IMPLEMENT_DYNAMIC_CHECK_FN() \
+         OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+         OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+                 if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                 return 0; }
+ /*
+  * This function is passed the ENGINE structure to initialise with its own
   * function and command settings. It should not adjust the structural or
-  * functional reference counts. If this function returns zero, (a) the load will
-  * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
-  * structure, and (c) the shared library will be unloaded. So implementations
-  * should do their own internal cleanup in failure circumstances otherwise they
-  * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
-  * the loader is looking for. If this is NULL, the shared library can choose to
-  * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
-  * library must initialise only an ENGINE matching the passed 'id'. The function
-  * is expected to be implemented with the symbol name "bind_engine". A standard
-  * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
-  * the parameter 'fn' is a callback function that populates the ENGINE structure
-  * and returns an int value (zero for failure). 'fn' should have prototype;
-  *    [static] int fn(ENGINE *e, const char *id); */
- typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
-                               const dynamic_fns *fns);
- #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
-       OPENSSL_EXPORT \
-       int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
-       OPENSSL_EXPORT \
-       int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-               if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-               if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-                       fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-                       return 0; \
-               CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-               CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-               CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-               CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-               CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-               if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-                       return 0; \
-               if(!ERR_set_implementation(fns->err_fns)) return 0; \
-       skip_cbs: \
-               if(!fn(e,id)) return 0; \
-               return 1; }
- /* If the loading application (or library) and the loaded ENGINE library share
-  * the same static data (eg. they're both dynamically linked to the same
-  * libcrypto.so) we need a way to avoid trying to set system callbacks - this
-  * would fail, and for the same reason that it's unnecessary to try. If the
-  * loaded ENGINE has (or gets from through the loader) its own copy of the
-  * libcrypto static data, we will need to set the callbacks. The easiest way to
-  * detect this is to have a function that returns a pointer to some static data
-  * and let the loading application and loaded ENGINE compare their respective
-  * values. */
+  * functional reference counts. If this function returns zero, (a) the load
+  * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+  * the structure, and (c) the shared library will be unloaded. So
+  * implementations should do their own internal cleanup in failure
+  * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+  * represents the ENGINE id that the loader is looking for. If this is NULL,
+  * the shared library can choose to return failure or to initialise a
+  * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+  * ENGINE matching the passed 'id'. The function is expected to be
+  * implemented with the symbol name "bind_engine". A standard implementation
+  * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+  * 'fn' is a callback function that populates the ENGINE structure and
+  * returns an int value (zero for failure). 'fn' should have prototype;
+  * [static] int fn(ENGINE *e, const char *id);
+  */
+ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+                                     const dynamic_fns *fns);
+ # define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+         OPENSSL_EXPORT \
+         int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+         OPENSSL_EXPORT \
+         int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+                 if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+                 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+                         fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+                         return 0; \
+                 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+                 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+                 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+                 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+                 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+                 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+                         return 0; \
+                 if(!ERR_set_implementation(fns->err_fns)) return 0; \
+         skip_cbs: \
+                 if(!fn(e,id)) return 0; \
+                 return 1; }
+ /*
+  * If the loading application (or library) and the loaded ENGINE library
+  * share the same static data (eg. they're both dynamically linked to the
+  * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+  * this would fail, and for the same reason that it's unnecessary to try. If
+  * the loaded ENGINE has (or gets from through the loader) its own copy of
+  * the libcrypto static data, we will need to set the callbacks. The easiest
+  * way to detect this is to have a function that returns a pointer to some
+  * static data and let the loading application and loaded ENGINE compare
+  * their respective values.
+  */
  void *ENGINE_get_static_state(void);
  
- #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV)
 -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
++# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV)
  void ENGINE_setup_bsd_cryptodev(void);
- #endif
+ # endif
  
  /* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
+ /*
+  * The following lines are auto generated by the script mkerr.pl. Any changes
   * made after this point may be overwritten when the script is next run.
   */
  void ERR_load_ENGINE_strings(void);
  /* Error codes for the ENGINE functions. */
  
  /* Function codes. */
- #define ENGINE_F_DYNAMIC_CTRL                          180
- #define ENGINE_F_DYNAMIC_GET_DATA_CTX                  181
- #define ENGINE_F_DYNAMIC_LOAD                          182
- #define ENGINE_F_DYNAMIC_SET_DATA_CTX                  183
- #define ENGINE_F_ENGINE_ADD                            105
- #define ENGINE_F_ENGINE_BY_ID                          106
- #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE              170
- #define ENGINE_F_ENGINE_CTRL                           142
- #define ENGINE_F_ENGINE_CTRL_CMD                       178
- #define ENGINE_F_ENGINE_CTRL_CMD_STRING                        171
- #define ENGINE_F_ENGINE_FINISH                                 107
- #define ENGINE_F_ENGINE_FREE_UTIL                      108
- #define ENGINE_F_ENGINE_GET_CIPHER                     185
- #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE               177
- #define ENGINE_F_ENGINE_GET_DIGEST                     186
- #define ENGINE_F_ENGINE_GET_NEXT                       115
- #define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH             193
- #define ENGINE_F_ENGINE_GET_PKEY_METH                  192
- #define ENGINE_F_ENGINE_GET_PREV                       116
- #define ENGINE_F_ENGINE_INIT                           119
- #define ENGINE_F_ENGINE_LIST_ADD                       120
- #define ENGINE_F_ENGINE_LIST_REMOVE                    121
- #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY               150
- #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                        151
- #define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT           194
- #define ENGINE_F_ENGINE_NEW                            122
- #define ENGINE_F_ENGINE_REMOVE                                 123
- #define ENGINE_F_ENGINE_SET_DEFAULT_STRING             189
- #define ENGINE_F_ENGINE_SET_DEFAULT_TYPE               126
- #define ENGINE_F_ENGINE_SET_ID                                 129
- #define ENGINE_F_ENGINE_SET_NAME                       130
- #define ENGINE_F_ENGINE_TABLE_REGISTER                         184
- #define ENGINE_F_ENGINE_UNLOAD_KEY                     152
- #define ENGINE_F_ENGINE_UNLOCKED_FINISH                        191
- #define ENGINE_F_ENGINE_UP_REF                                 190
- #define ENGINE_F_INT_CTRL_HELPER                       172
- #define ENGINE_F_INT_ENGINE_CONFIGURE                  188
- #define ENGINE_F_INT_ENGINE_MODULE_INIT                        187
- #define ENGINE_F_LOG_MESSAGE                           141
+ # define ENGINE_F_DYNAMIC_CTRL                            180
+ # define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+ # define ENGINE_F_DYNAMIC_LOAD                            182
+ # define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
+ # define ENGINE_F_ENGINE_ADD                              105
+ # define ENGINE_F_ENGINE_BY_ID                            106
+ # define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+ # define ENGINE_F_ENGINE_CTRL                             142
+ # define ENGINE_F_ENGINE_CTRL_CMD                         178
+ # define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+ # define ENGINE_F_ENGINE_FINISH                           107
+ # define ENGINE_F_ENGINE_FREE_UTIL                        108
+ # define ENGINE_F_ENGINE_GET_CIPHER                       185
+ # define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
+ # define ENGINE_F_ENGINE_GET_DIGEST                       186
+ # define ENGINE_F_ENGINE_GET_NEXT                         115
+ # define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+ # define ENGINE_F_ENGINE_GET_PKEY_METH                    192
+ # define ENGINE_F_ENGINE_GET_PREV                         116
+ # define ENGINE_F_ENGINE_INIT                             119
+ # define ENGINE_F_ENGINE_LIST_ADD                         120
+ # define ENGINE_F_ENGINE_LIST_REMOVE                      121
+ # define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+ # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+ # define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
+ # define ENGINE_F_ENGINE_NEW                              122
+ # define ENGINE_F_ENGINE_REMOVE                           123
+ # define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+ # define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                 126
+ # define ENGINE_F_ENGINE_SET_ID                           129
+ # define ENGINE_F_ENGINE_SET_NAME                         130
+ # define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+ # define ENGINE_F_ENGINE_UNLOAD_KEY                       152
+ # define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
+ # define ENGINE_F_ENGINE_UP_REF                           190
+ # define ENGINE_F_INT_CTRL_HELPER                         172
+ # define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+ # define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
+ # define ENGINE_F_LOG_MESSAGE                             141
  
  /* Reason codes. */
- #define ENGINE_R_ALREADY_LOADED                                100
- #define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER              133
- #define ENGINE_R_CMD_NOT_EXECUTABLE                    134
- #define ENGINE_R_COMMAND_TAKES_INPUT                   135
- #define ENGINE_R_COMMAND_TAKES_NO_INPUT                        136
- #define ENGINE_R_CONFLICTING_ENGINE_ID                         103
- #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED          119
- #define ENGINE_R_DH_NOT_IMPLEMENTED                    139
- #define ENGINE_R_DSA_NOT_IMPLEMENTED                   140
- #define ENGINE_R_DSO_FAILURE                           104
- #define ENGINE_R_DSO_NOT_FOUND                                 132
- #define ENGINE_R_ENGINES_SECTION_ERROR                         148
- #define ENGINE_R_ENGINE_CONFIGURATION_ERROR            102
- #define ENGINE_R_ENGINE_IS_NOT_IN_LIST                         105
- #define ENGINE_R_ENGINE_SECTION_ERROR                  149
- #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY            128
- #define ENGINE_R_FAILED_LOADING_PUBLIC_KEY             129
- #define ENGINE_R_FINISH_FAILED                                 106
- #define ENGINE_R_GET_HANDLE_FAILED                     107
- #define ENGINE_R_ID_OR_NAME_MISSING                    108
- #define ENGINE_R_INIT_FAILED                           109
- #define ENGINE_R_INTERNAL_LIST_ERROR                   110
- #define ENGINE_R_INVALID_ARGUMENT                      143
- #define ENGINE_R_INVALID_CMD_NAME                      137
- #define ENGINE_R_INVALID_CMD_NUMBER                    138
- #define ENGINE_R_INVALID_INIT_VALUE                    151
- #define ENGINE_R_INVALID_STRING                                150
- #define ENGINE_R_NOT_INITIALISED                       117
- #define ENGINE_R_NOT_LOADED                            112
- #define ENGINE_R_NO_CONTROL_FUNCTION                   120
- #define ENGINE_R_NO_INDEX                              144
- #define ENGINE_R_NO_LOAD_FUNCTION                      125
- #define ENGINE_R_NO_REFERENCE                          130
- #define ENGINE_R_NO_SUCH_ENGINE                                116
- #define ENGINE_R_NO_UNLOAD_FUNCTION                    126
- #define ENGINE_R_PROVIDE_PARAMETERS                    113
- #define ENGINE_R_RSA_NOT_IMPLEMENTED                   141
- #define ENGINE_R_UNIMPLEMENTED_CIPHER                  146
- #define ENGINE_R_UNIMPLEMENTED_DIGEST                  147
- #define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD       101
- #define ENGINE_R_VERSION_INCOMPATIBILITY               145
+ # define ENGINE_R_ALREADY_LOADED                          100
+ # define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+ # define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+ # define ENGINE_R_COMMAND_TAKES_INPUT                     135
+ # define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+ # define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+ # define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+ # define ENGINE_R_DH_NOT_IMPLEMENTED                      139
+ # define ENGINE_R_DSA_NOT_IMPLEMENTED                     140
+ # define ENGINE_R_DSO_FAILURE                             104
+ # define ENGINE_R_DSO_NOT_FOUND                           132
+ # define ENGINE_R_ENGINES_SECTION_ERROR                   148
+ # define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
+ # define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+ # define ENGINE_R_ENGINE_SECTION_ERROR                    149
+ # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+ # define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+ # define ENGINE_R_FINISH_FAILED                           106
+ # define ENGINE_R_GET_HANDLE_FAILED                       107
+ # define ENGINE_R_ID_OR_NAME_MISSING                      108
+ # define ENGINE_R_INIT_FAILED                             109
+ # define ENGINE_R_INTERNAL_LIST_ERROR                     110
+ # define ENGINE_R_INVALID_ARGUMENT                        143
+ # define ENGINE_R_INVALID_CMD_NAME                        137
+ # define ENGINE_R_INVALID_CMD_NUMBER                      138
+ # define ENGINE_R_INVALID_INIT_VALUE                      151
+ # define ENGINE_R_INVALID_STRING                          150
+ # define ENGINE_R_NOT_INITIALISED                         117
+ # define ENGINE_R_NOT_LOADED                              112
+ # define ENGINE_R_NO_CONTROL_FUNCTION                     120
+ # define ENGINE_R_NO_INDEX                                144
+ # define ENGINE_R_NO_LOAD_FUNCTION                        125
+ # define ENGINE_R_NO_REFERENCE                            130
+ # define ENGINE_R_NO_SUCH_ENGINE                          116
+ # define ENGINE_R_NO_UNLOAD_FUNCTION                      126
+ # define ENGINE_R_PROVIDE_PARAMETERS                      113
+ # define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
+ # define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+ # define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+ # define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
+ # define ENGINE_R_VERSION_INCOMPATIBILITY                 145
  
  #ifdef  __cplusplus
  }
@@@ -5,21 -5,21 +5,21 @@@
   * This package is an SSL implementation written
   * by Eric Young (eay@cryptsoft.com).
   * The implementation was written so as to conform with Netscapes SSL.
-  * 
+  *
   * This library is free for commercial and non-commercial use as long as
   * the following conditions are aheared to.  The following conditions
   * apply to all code found in this distribution, be it the RC4, RSA,
   * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   * included with this distribution is covered by the same copyright terms
   * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-  * 
+  *
   * Copyright remains Eric Young's, and as such any Copyright notices in
   * the code are not to be removed.
   * If this package is used in a product, Eric Young should be given attribution
   * as the author of the parts of the library used.
   * This can be in the form of a textual message at program startup or
   * in documentation (online or textual) provided with the package.
-  * 
+  *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *     Eric Young (eay@cryptsoft.com)"
   *    The word 'cryptographic' can be left out if the rouines from the library
   *    being used are not cryptographic related :-).
-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+  * 4. If you include any Windows specific code (or a derivative thereof) from
   *    the apps directory (application code) you must include an acknowledgement:
   *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-  * 
+  *
   * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@@ -49,7 -49,7 +49,7 @@@
   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
-  * 
+  *
   * The licence and distribution terms for any publically available version or
   * derivative of this code cannot be changed.  i.e. this code cannot simply be
   * copied and put under another distribution licence
  #include "cryptlib.h"
  #include <openssl/evp.h>
  #ifndef OPENSSL_NO_ENGINE
- #include <openssl/engine.h>
+ # include <openssl/engine.h>
  #endif
  
  #if 0
- #undef OpenSSL_add_all_algorithms
+ # undef OpenSSL_add_all_algorithms
  
  void OpenSSL_add_all_algorithms(void)
      {
-       OPENSSL_add_all_algorithms_noconf();
      }
+ {
+     OPENSSL_add_all_algorithms_noconf();
+ }
  #endif
  
  void OPENSSL_add_all_algorithms_noconf(void)
      {
-       /*
-        * For the moment OPENSSL_cpuid_setup does something
-        * only on IA-32, but we reserve the option for all
-        * platforms...
-        */
-       OPENSSL_cpuid_setup();
-       OpenSSL_add_all_ciphers();
-       OpenSSL_add_all_digests();
+ {
+     /*
+      * For the moment OPENSSL_cpuid_setup does something
+      * only on IA-32, but we reserve the option for all
+      * platforms...
+      */
+     OPENSSL_cpuid_setup();
+     OpenSSL_add_all_ciphers();
+     OpenSSL_add_all_digests();
  #ifndef OPENSSL_NO_ENGINE
 -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV)
-       ENGINE_setup_bsd_cryptodev();
+     ENGINE_setup_bsd_cryptodev();
  # endif
  #endif
      }
+ }
@@@ -7,7 -7,7 +7,7 @@@
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
-  *    notice, this list of conditions and the following disclaimer. 
+  *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
  #include <openssl/crypto.h>
  #include <openssl/opensslconf.h>
  
 -#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
 +#if defined(__OpenBSD__) || defined(__DragonFly__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
  
- #include OPENSSL_UNISTD
+ # include OPENSSL_UNISTD
  
  int OPENSSL_issetugid(void)
      {
-       return issetugid();
      }
+ {
+     return issetugid();
+ }
  
  #elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
  
  int OPENSSL_issetugid(void)
      {
-       return 0;
      }
+ {
+     return 0;
+ }
  
  #else
  
- #include OPENSSL_UNISTD
- #include <sys/types.h>
+ # include OPENSSL_UNISTD
+ # include <sys/types.h>
  
  int OPENSSL_issetugid(void)
-       {
-       if (getuid() != geteuid()) return 1;
-       if (getgid() != getegid()) return 1;
-       return 0;
-       }
+ {
+     if (getuid() != geteuid())
+         return 1;
+     if (getgid() != getegid())
+         return 1;
+     return 0;
+ }
  #endif
@@@ -5,21 -5,21 +5,21 @@@
   * This package is an SSL implementation written
   * by Eric Young (eay@cryptsoft.com).
   * The implementation was written so as to conform with Netscapes SSL.
-  * 
+  *
   * This library is free for commercial and non-commercial use as long as
   * the following conditions are aheared to.  The following conditions
   * apply to all code found in this distribution, be it the RC4, RSA,
   * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   * included with this distribution is covered by the same copyright terms
   * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-  * 
+  *
   * Copyright remains Eric Young's, and as such any Copyright notices in
   * the code are not to be removed.
   * If this package is used in a product, Eric Young should be given attribution
   * as the author of the parts of the library used.
   * This can be in the form of a textual message at program startup or
   * in documentation (online or textual) provided with the package.
-  * 
+  *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *     Eric Young (eay@cryptsoft.com)"
   *    The word 'cryptographic' can be left out if the rouines from the library
   *    being used are not cryptographic related :-).
-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+  * 4. If you include any Windows specific code (or a derivative thereof) from
   *    the apps directory (application code) you must include an acknowledgement:
   *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-  * 
+  *
   * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@@ -49,7 -49,7 +49,7 @@@
   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
-  * 
+  *
   * The licence and distribution terms for any publically available version or
   * derivative of this code cannot be changed.  i.e. this code cannot simply be
   * copied and put under another distribution licence
@@@ -63,7 -63,7 +63,7 @@@
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
-  *    notice, this list of conditions and the following disclaimer. 
+  *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *
   */
  /*
-   DTLS code by Eric Rescorla <ekr@rtfm.com>
-   Copyright (C) 2006, Network Resonance, Inc.
-   Copyright (C) 2011, RTFM, Inc.
- */
+  * DTLS code by Eric Rescorla <ekr@rtfm.com>
+  *
+  * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+  */
  
  #ifndef HEADER_D1_SRTP_H
- #define HEADER_D1_SRTP_H
+ # define HEADER_D1_SRTP_H
  
- #include <openssl/ssl.h>
+ # include <openssl/ssl.h>
  
  #ifdef  __cplusplus
  extern "C" {
  #endif
  
-      
- #define SRTP_AES128_CM_SHA1_80 0x0001
- #define SRTP_AES128_CM_SHA1_32 0x0002
- #define SRTP_AES128_F8_SHA1_80 0x0003
- #define SRTP_AES128_F8_SHA1_32 0x0004
- #define SRTP_NULL_SHA1_80      0x0005
- #define SRTP_NULL_SHA1_32      0x0006
+ # define SRTP_AES128_CM_SHA1_80 0x0001
+ # define SRTP_AES128_CM_SHA1_32 0x0002
+ # define SRTP_AES128_F8_SHA1_80 0x0003
+ # define SRTP_AES128_F8_SHA1_32 0x0004
+ # define SRTP_NULL_SHA1_80      0x0005
+ # define SRTP_NULL_SHA1_32      0x0006
  
- #ifndef OPENSSL_NO_SRTP
+ # ifndef OPENSSL_NO_SRTP
  
  int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
  int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
 -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
  
  STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
  SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
  
- #endif
+ # endif
  
  #ifdef  __cplusplus
  }
  #endif
  
  #endif